Central Office of Information: Security

Danny Alexander
To ask the Minister for the Cabinet Office how many breaches of security at the Central Office of Information have occurred in the last five years; and what procedures that agency follows when a breach of security involves the disclosure of personal data.

Tessa Jowell
The information requested falls within the responsibility of the Central Office of Information. I have asked the chief executive to reply.

Letter from Mark Lund, dated June 2009:

As Chief Executive of the Central Office of Information (COI), I have been asked to reply to your recent Parliamentary Question on the Security Breaches (276941).

In the last five years the Central Office of Information (COI) has had no reported breaches of security.

It is COI policy to report all significant personal data security breaches to the Cabinet Office and the Information Commissioner's Office (ICO). Information on personal data security breaches is published on an annual basis in the department's Annual Report and Accounts as announced in the Data Handling. Procedures in Government Review published on 25th June 2008.

Additionally, all significant control weaknesses including other significant security breaches are included in the Statement of Internal Control which is also published within the Annual Report and Accounts.