My Department was established in July 2017. Details of data breaches which occurred in each year between July 2017 and 2023 to date, and the numbers which were reported to the Data Protection Commission (DPC) are set out in the table below:
Year
|
Number of data breach incidents
|
Number of breaches reported to the DPC
|
2017 (July – Dec 2017)
|
0
|
0
|
2018
|
1
|
1
|
2019
|
0
|
0
|
2020
|
2
|
1
|
2021
|
1
|
0
|
2022
|
5
|
1
|
2023 (to date)
|
0
|
0
|
In terms of the nature of the breaches, in all cases the incident related to information disclosed in error to incorrect recipients. All data breaches are reported to and assessed by the Department’s Data Protection Officer (DPO) in accordance with guidance issued by the Data Protection Commission.
In terms of severity, the majority of the breaches identified were determined to be minor and unlikely to result in a risk to data subjects and were handled in accordance with the Department's Data Protection Policy. A total of 3 data breaches were deemed notifiable to the DPC and my Department acted accordingly. The remainder were deemed low risk and therefore not required to be reported to the DPC.
In the case of each incident immediate remedial action was undertaken to rectify the breach and to put in place measures to prevent re-occurrence.