In the last five years the Department of Health has recorded one notifiable breach of information security.
There were no reportable breaches for either of the Department's two executive agencies—the Medicines and Healthcare products Regulatory Agency (MHRA) and NHS Purchasing and Supply Agency (PASA).
The Department and its agencies report all significant personal data security breaches to the Cabinet Office and the Information Commissioner (IC). Information on personal security data breaches are published on an annual basis in the Department's annual resource accounts as required under the mandatory requirements of the Data Handling Report published on 25 June 2008.
The Department reported on the above personal data breach in its 2007-08 annual resource account, which can be found at
A copy has been placed in the Library.
Additionally, all significant control weaknesses including other significant security breaches are included in the Statement of Internal Control which is published within the annual resource accounts.