DCMS cuts data breaches in half in FY20

Written by Sam Trendall on 5 August 2020 in News
News

Digital department sees sharp decline in incidents

Credit: Lukas/Pxhere

The Department for Digital, Culture, Media and Sport halved the number of data breaches it recorded during 2019/20 compared with the prior year.

Data provided to PublicTechnology under the freedom of information act shows that, in the 12 months to 31 March 2020, the department recorded 13 personal data breaches. One of these was deemed serious enough to be reported to the Information Commissioner’s Office.

This compares with 24 incidents that were recorded during the 2018/19 year – two of which were reported to the data-protection regulator.

Even more personal data breaches – a total of 31 – were recorded by DCMS over the course of 2017/18. One of these was reported to the ICO.

“No enforcement action has ever been taken against DCMS” by the watchdog, the department said.


Related content


The decline in recorded data breaches over the last two years comes in contrast to many organisations, which have seen a marked rise in light of the May 2018 introduction of the EU General Data Protection Regulation.

The total number of breaches reported to the ICO from across all industries quadrupled after GDPR became law.

In 2017/18, which ended two months before the new legislation came into effect, UK organisations flagged a cumulative tally of 3,331 breaches to the regulator. During the following year, which included 10 months of GDPR, 13,840 incidents were reported.

Research last year from PublicTechnology showed that central government had also seen a large rise in the number of breaches. Across nine departments, a total of 3,522 incidents were recorded in 2017/18. This figure more than doubled the following year, to 7,490 – although the vast majority of these did not require reporting to the ICO.

The number of breaches suffered by DCMS is low compared with other departments which, in some cases, record hundreds or even thousands of incidents each year.

In 2018/19, the Ministry of Justice filed 4,777 breaches, ahead of the Home Office on 1,930, and the Ministry of Defence on 470.

Further research conducted this summer showed that about 500 incidents across Whitehall each year require the ICO to be notified.

Central government entities collectively reported 495 breaches to the regulator during the 2019/20 year. This represented a slight increase of 1.9% on the number that were reported in the prior year.

Following investigation, the ICO has required some form action on the part of the data controller in 10 cases. A further 35 are still under investigation, two are yet to be assigned to a caseworker, and 448 processes have concluded with no action required.

 

About the author

Sam Trendall is editor of PublicTechnology

Tags

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Online safety: How police, public sector and tech firms have reached a data-sharing stalemate
21 May 2021

With the Online Safety Bill now published, former police superintendent Iain Donnelly writes for PublicTechnology on the challenges that need to be overcome in order to ensure the law’s...

Vaccine passports pose discrimination and data protection risks, MPs find
17 June 2021

PACAC claims that government has not made a convincing case for introducing a certification scheme domestically

Court judgments to be published on single website
16 June 2021

Government claims moving information to National Archives site is ‘boost for open justice’

Related Sponsored Articles

"The inflection point is here": how Covid is driving digital transformation in health
9 June 2021

It’s been one of the most challenging years for healthcare providers, but Salesforce sees lasting change from accelerated digital transformation

Stopping Cyber Attacks in Higher Education
19 April 2021

Higher Education institutions are some of the most consistently targeted organisations for cyberattacks. CrowdStrike explores the importance of the right cybersecurity measures.