Request ID: FOI-0325-2425 Date published: 24 May 2024
You asked
This is an information request relating to data breaches.
Please include the following information each of the following financial years 2021/22, 2022/23 and 2023/24:
• The number of data breaches have occurred
• How many people were affected in each data breach
• Total number of claims made against the organisation
• Total number of claims that have been upheld
• Total cost that has been paid out each year
• Largest payout given to a single person each year
We answered
Our Ref: FOI-0325-2425
Thank you for your request received on 26 April 2024 asking for information about data breaches. Your request has been considered in accordance with the requirements of the Freedom of Information (FOI) Act and our information access policy. I can confirm that we do hold the information you require.
We have an obligation to use personal information lawfully and appropriately and we take all necessary measures to ensure your personal information is properly protected and secured. This includes having appropriate technical and organisational arrangements to secure your information. More information about personal information rights is available on our website:
In accordance with section 21 of the FOI Act, we are not obliged to supply you with a copy of the requested information as it is already accessible to you elsewhere. In accordance with the FOI Act, we are not obliged to supply the information for the second half of the 2023/24 financial year as it is subject to a statutory exemption to the right of access to information under section 22 of the Act. In this instance the exemption has been applied as the information you have requested is intended for future publication. The report will be made available on our website in the summer.
This exemption is subject to a public interest test, which requires us to assess whether the public interest in applying the exemption outweighs the public interest in disclosure. In this instance, it is considered that the public interest favours the publication of this information, in context and according to the pre-determined schedule, rather than in response to your request, to ensure the information is provided accurately and in an accessible manner. • Total number of claims made against the organisation 2021/22 - 2 claims 2022/23 - 0 claims 2023/24 - 3 claims • Total number of claims that have been upheld 2021/22 - 1 claim settled 2023/24 - 1 claim settled Please note that a ‘settled’ claim does not mean that it was accepted/’upheld’. • Total cost that has been paid out each year • Largest payout given to a single person each year In accordance with the FOI Act we are not obliged to supply this information as it is subject to a statutory exemption to the right of access to information under section 43(2) – prejudice to commercial interests. In this instance the exemption has been applied to the requested information as disclosure would be likely to prejudice our commercial interests. Disclosure of this information could affect our ability to negotiate in any future claims. The use of this exemption is subject to an assessment of the public interest in relation to the disclosure of the information concerned. We recognise the need for openness and transparency by public authorities, but in this instance the public interest in ensuring that we can benefit the public purse by not prejudicing our negotiating ability, outweighs the general public interest in increasing transparency of our processes. If this is not the information you are looking for please do not hesitate to contact me. Please see the attached information sheet for details of your right to appeal.
Yours sincerely
Gemma Jacob Senior FOI Case Officer FOI Case Management Team General Counsel Transport for London
