Question to the Ministry of Defence:

To ask the Secretary of State for Defence, for what reason the data breach of the defence recruitment system was not reported to the Information Commissioner's Office until seven days after the breach was known to officials in his Department.

To report a notifiable incident to the Information Commissioners Office (ICO) requires an element of investigation. Before reporting, the investigation team had to clearly determine the source and that it met the threshold for reporting. The harm threshold was assessed to not have been met, however the Department notified the ICO of the incident, for transparency, on 21 March 2022.