Breaches of the Data Protection Act by IPSA
Request
Details of incidents when the Data Protection Act has been breached, including data lost, by your employees and contractors over the past three years
For clarity, you broke your request down into four areas:
- The total number of times there has been a breach of the Data Protection Act including data loss in the period.
- The total number of employees that have been disciplined internally for breaches of Data Protection Act in the period.
- Please also provide details of each breach of the Data Protection Act, for example the type of Data that was involved and the number of people affected.
- Details of action taken, including whether each breach was reported to the Information Commissioner’s Office.
Response
IPSA holds the information that you request.
In your email, you specified that the request should cover the period from 1 July 2009 to 1 July 2012. Our records began when IPSA came into existence on 7 May 2010 and, therefore, the information will cover the period from 7 May 2010 to date.
Annex A lists two events that resulted in breaches of the Data Protection Act. The first item in Annex A was recognised by IPSA as a serious breach and was reported by IPSA to the Information Commissioner’s Office (ICO). Undertakings were agreed between IPSA and the ICO to address the breach. Further details of this can be viewed via this link to the ICO’s website.
The remaining item in Annex A describes a non-serious breach, where encrypted data was contained in a secured device. As per the ICO’s guidance, breaches that do not fall into the definition of serious are not required to be reported to the ICO.
The information that you have requested has been provided in the format you requested in your email.
Annex A - Breaches of the Data Protection Act
| Organisation | Description | Data affected | Disciplinary action taken | Action taken including notification to ICO |
| --- | --- | --- | --- | --- |
| IPSA | Internal IPSA report containing expense claim details made available to 11 MPs via the online expenses system | Bank account details, car registrations, details of MPs’ expense claims and names of claimants | Immediate dismissal of contractor | Notification made to the ICO and an undertaking carried out. Further details can be viewed on the ICO website |
| IPSA | Theft of IPSA Blackberry during household burglary | Encrypted business emails contained on a security protected Blackberry, which may have contained names, business telephone numbers and business email addresses of IPSA employees | None | None |
- Ref: FOI2012-A062
- Disclosure: 13 August 2012
- Categories: IPSA - OPERATIONS
- Exemptions Applied: None