Breaches of the Data Protection Act by IPSA
IPSA holds the information that you request.
In your email, you specified that the request should cover the period from 1 July 2009 to 1 July 2012. Our records began when IPSA came into existence on 7 May 2010 and, therefore, the information will cover the period from 7 May 2010 to date.
Annex A lists two events that resulted in breaches of the Data Protection Act. The first item in Annex A was recognised by IPSA as a serious breach and was reported by IPSA to the Information Commissioner’s Office (ICO). Undertakings were agreed between IPSA and the ICO to address the breach. Further details of this can be viewed via this link to the ICO’s website.
The remaining item in Annex A describes a non-serious breach, where encrypted data was contained in a secured device. As per the ICO’s guidance, breaches that do not fall into the definition of serious are not required to be reported to the ICO.
The information that you have requested has been provided in the format you requested in your email.
Annex A - Breaches of the Data Protection Act
|Organisation||Description||Data affected||Disciplinary action taken||Action taken including notification to ICO|
|IPSA||Internal IPSA report containing expense claim details made available to 11 MPs via the online expenses system||Bank account details, car registrations, details of MPs’ expense claims and names of claimants||Immediate dismissal of contractor||Notification made to the ICO and an undertaking carried out. Further details can be viewed on the ICO website|
|IPSA||Theft of IPSA Blackberry during household burglary||Encrypted business emails contained on a security protected Blackberry, which may have contained names, business telephone numbers and business email addresses of IPSA employees||None||None|
Is this page helpful?
- August 13, 2012
- IPSA - OPERATIONS
- Exemptions Applied: