Data Protection Breaches

Jonathan Mantle made this Freedom of Information request to Department for Work and Pensions

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was successful.

Jonathan Mantle

Dear Department for Work and Pensions,

Please can you tell me how many times you have had to regsinter a Data Protection Breach with the ICO since 01/01/15 until time of writing?

Yours faithfully,

Jonathan Mantle

DWP freedom-of-information-requests, Department for Work and Pensions

This is an automated confirmation that your request for information has
been accepted by the DWP FoI mailbox.
By the next working day your request will be forwarded to the relevant
information owner within the Department who will respond to you direct. 
If your email is a Freedom of Information request you can normally
expect a response within 20 working days.
Should you have any further queries in connection with this request do
please contact us.
For further information on the Freedom of Information Act within DWP
please click on the link below.

show quoted sections


Visible links

DWP CSO FOI, Department for Work and Pensions

2 Attachments

Dear Jonathan Mantle


Please find attached response to your FoI request.


Kind Regards


DWP Central FoI Team


show quoted sections

navartne left an annotation ()

Wow!, only 2 data 'incidents' (In DWP speak, data breaches are called 'Data incidents').

Annual Report says "In each case, we put in place further controls to reduce the risk of future incidents of this type. In both instances the Information Commissioner was satisfied with our response and took no action. "

"...We put in place further controls to reduce the risk of FUTURE INCIDENTS...". Sounds all too familiar and all too casual.

Actually, although self-reported breaches (incidents) may be as low as two, breaches reported by whistleblowers may be higher. See:

Also, what about any self-reported breaches by DWP external suppliers?, doesn't that need to be disclosed in the Annual report?. Seems very convenient not to.

For example, DWP could say "we are not aware of any self-reported breaches..sorry..'incidents' by any of our external suppliers", or "we are not responsible for any data incidents by our external suppliers"