The below Parliamentary question was asked by Kirsty Blackman on 2016-02-05.
To ask the Secretary of State for Justice, pursuant to the Answer of 2 February 2016 to Question 24107 on tribunals: Scotland, how many of those people whose data was breached were not made aware that that breach had occurred.
Mr Shailesh Vara
Her Majesty’s Courts & Tribunals Service takes its responsibility for data incidents very seriously and treats each case on its individual merits. Notifying individuals of data breaches or incidents is considered, but is not a mandatory action in every instance.
Informing people and organisations about a breach is not an end in itself. Notification should have a clear purpose, whether this is to enable individuals who may have been affected to take steps to protect themselves or to allow the appropriate regulatory bodies to perform their functions, provide advice and deal with complaints.
The above criteria is considered when deciding whether or not to inform individuals or organisations of a data breach. In relation to the incidents referred to in this PQ it is unclear, as no statistical information has been retained, as to whether or not individuals were notified.
Guidance on data breach notification is set out by the Information Commissioners Office (ICO) in the link below: