FOI request detail

Data breach incident reporting

Request ID: FOI-3434-1819
Date published: 12 April 2019

You asked
I would like to request the following under the FOI Act. 1) What is the name of the system that your organisation utilise to record data breaches or incidents? 2) Please can I have a copy of the data breach incident reporting procedure or policy? 3) How many data breaches were reported and recorded in the years 2017, 2018 and 2019 to date? b) Of these incidents, how many were reported to the Information Commissioner's Office? For clarity, the data breaches referred above are as defined in the data protection regulation (DPA 1998 - pre - 25 May 2018 and GDPR & DPA 2018 - post 25 May 2018). I look forward to your response within the statutory response duration.

We answered

TfL Ref: 3434-1819

Thank you for your request received by Transport for London (TfL) on 14 March 2019 asking for information about data breach incident reporting.

Your request has been considered in accordance with the requirements of the Freedom of Information Act and our information access policy.  I can confirm that we hold the information you require.  Your questions and our replies are as below:

  1. What is the name of the system that your organisation utilise to record data breaches or incidents?

     

    Data Breaches are recorded on a spreadsheet.

     

     

  2. Please can I have a copy of the data breach incident reporting procedure or policy?

The breach reporting procedure forms part of TfL’s management system, please see the attached .pdf

3) How many data breaches were reported and recorded in the years 2017, 2018 and 2019 to date?

     b) Of these incidents, how many were reported to the Information Commissioner's Office?

Incidents are recorded by financial year rather than calendar year. 91 breaches were recorded in 2018/19 of which 9 were reported to the ICO. 13 breaches were recorded in 2017/18 of which 1 was reported to the ICO. 33 breaches were recorded in 2016/17 of which 3 were reported to the ICO

If this is not the information you are looking for, or if you are unable to access it for any reason, please do not hesitate to contact me.

Please see the attached information sheet for details of your right to appeal as well as information on copyright and what to do if you would like to re-use any of the information we have disclosed.

Yours sincerely

Sara Thomas

FOI Case Management Team

General Counsel

Transport for London

Attachments

data breach policy

PDF
Back to top

Want to make a request?

We'll email you the response within 20 working days.


We'll publish the response online without disclosing any personal information.

Make a request

Something wrong with this request?


If you believe this request is not suitable, you can report it for attention, at foi@tfl.gov.uk