Under the mandatory requirements of the Data Handling Report published on 25 June 2008, the Home Office is required to give a summary report on data breaches reported to the Information Commissioner in our annual resource accounts.
The Home Office has published details of the protected personal data related incidents notified to the Information Commissioner’s Office in 2007-08 in its resource accounts published on 8 August 2008 (a copy of which is in the House Library). We will be publishing information on any personal data security breaches reported to the Information Commissioner for the 2008-09 reporting year before Parliament rises in July. The information is currently being compiled and is to be audited and verified before it is laid before Parliament.
In 2008-09, the Home Office made two notifications to the Information Commissioner. One related to the PA consulting data loss incident, which included information set out in my predecessor’s formal notification to the Information Commissioner (a copy of which is in the House Library) about the number of individual subjects affected. The other was a potential incident in the UK Border Agency involving the loss of a data stick on UKBA premises. The data stick was subsequently found at an internal location so this was not in fact a notifiable incident.
The information requested is set out in the following table:
HO UKBA IPS CRB HO UKBA IPS CRB Breaches of data protection requirements 0 1— 8 0 0 1— 7 0 Inappropriate use of personal or sensitive data 1— 1— 0 0 1— 0 1— 0 1Less than five. Note: Where there have been less than five such cases it is the policy of the Home Office to confine this information on grounds of confidentiality.