The Treasury Group reports all significant personal data security breaches to the Cabinet Office and the Information Commissioner’s Office. Information on personal data security breaches are published on an annual basis in the Department’s annual resource accounts as was announced in the Data Handling Review published on 25 June 2008. The Department has had no personal data security breaches in the last five years.
Additionally, any significant control weaknesses—including other significant security breaches (of which there have been none during the last five years)—are required to be included in the Statement of Internal Control, published within the Department’s annual resource accounts.
In the five years to 2008-09 there were six less significant breaches of information security.