Skip to main content

Departmental Data Protection

Volume 493: debated on Thursday 11 June 2009

To ask the Secretary of State for the Home Department how many notifications his Department made to the Information Commissioner in the year ended 30 April 2009 in respect of the loss or mishandling of personal information or data; what was notified in each such case; and how many individuals were the subjects of personal information or data in respect of which such notifications were made. (278719)

Under the mandatory requirements of the Data Handling Report published on 25 June 2008, the Home Office is required to give a summary report on data breaches reported to the Information Commissioner in our annual resource accounts.

The Home Office has published details of the protected personal data related incidents notified to the Information Commissioner’s Office in 2007-08 in its resource accounts published on 8 August 2008 (a copy of which is in the House Library). We will be publishing information on any personal data security breaches reported to the Information Commissioner for the 2008-09 reporting year before Parliament rises in July. The information is currently being compiled and is to be audited and verified before it is laid before Parliament.

In 2008-09, the Home Office made two notifications to the Information Commissioner. One related to the PA consulting data loss incident, which included information set out in my predecessor’s formal notification to the Information Commissioner (a copy of which is in the House Library) about the number of individual subjects affected. The other was a potential incident in the UK Border Agency involving the loss of a data stick on UKBA premises. The data stick was subsequently found at an internal location so this was not in fact a notifiable incident.

To ask the Secretary of State for the Home Department how many officials in (a) his Department and (b) its agencies have been (i) disciplined and (ii) dismissed for (A) breaches of data protection requirements and (B) inappropriate use of personal or sensitive data in the last 12 months. (278720)

The information requested is set out in the following table:

DisciplinedDismissed

HO

UKBA

IPS

CRB

HO

UKBA

IPS

CRB

Breaches of data protection requirements

0

1

8

0

0

1

7

0

Inappropriate use of personal or sensitive data

1

1

0

0

1

0

1

0

1Less than five. Note: Where there have been less than five such cases it is the policy of the Home Office to confine this information on grounds of confidentiality.