Question to the Cabinet Office:

To ask the Minister for the Cabinet Office, how many data incidents his Department (a) recorded and (b) reported to the Information Commissioner's Office in (i) 2015-16 and (ii) 2016-17.

Currently there is no legal obligation on data controllers to report breaches of security which result in loss, release or corruption of personal data, the Information Commissioner believes serious breaches should be brought to the attention of his Office. It is at the discretion of departments to define serious breaches.

In 2015-2016 the Cabinet Office had 16 data incidents of which 1 required reporting to the Information Commissioner’s Office.

In 2016-2017 the Cabinet Office had 36 data incidents of which 3 required reporting to the Information Commissioner’s Office.