Reporting of Personal Data Related Incidents
Cabinet Office guidance recommends that Non-Departmental Public Bodies cover information risk management in their annual reporting. An incident is defined as any of the circumstances (loss, unauthorised disclosure, insecure disposal) set out below.
Protected personal data is defined as data that meets the definition of the minimum scope of protected personal data, or data that it is considered should receive a similar level of protection because it would put those affected at significant risk of harm or distress.
Incidents, the disclosure of which would in itself create an unacceptable risk of harm, may be excluded in accordance with the exemptions contained in the Freedom of Information Act 2000 or may be subject to the limitations of other UK information legislation.
Summary of Protected Personal Data Related Incidents Formally Reported to the Information Commissioner's Office
Statement on information risk: HBLB holds very little personal data, and its information risks have been identified and are mitigated proportionately, to achieve a secure and confident working environment.
Date of incident/nature of incident/nature of data involved/number of people potentially affected/notification steps taken.
2013/14 - nil
2014/15 - nil
2015/16 - nil
2016/17 - nil
Further action on information risk: HBLB will continue to monitor and assess its information risks in order to identify and address any weaknesses and ensure continuous improvement of its systems.
Summary of Other Protected Personal Data Related Incidents
Incidents deemed by the Data Controller not to fall within the criteria for report to the Information Commissioner's Office but recorded centrally within HBLB are set out in the table below. Small, localised incidents are not recorded centrally and are not cited in these figures.
Category I, loss of inadequately protected electronic equipment, devices or paper documents from secured Government premises.
Category II, loss of inadequately protected electronic equipment, devices or paper documents from outside secured Government premises.
Category III, insecure disposal of inadequately protected electronic equipment, devices or paper documents.
Category IV, unauthorised disclosure.
Category V, other.
2013/14 - nil (any category)
2014/15 - nil (any category)
2015/16 - nil (any category)
2016/17 - nil (any category)