Digital department sees sharp decline in incidents

Credit: Lukas/Pxhere

The Department for Digital, Culture, Media and Sport halved the number of data breaches it recorded during 2019/20 compared with the prior year.

Data provided to PublicTechnology under the freedom of information act shows that, in the 12 months to 31 March 2020, the department recorded 13 personal data breaches. One of these was deemed serious enough to be reported to the Information Commissioner’s Office.

This compares with 24 incidents that were recorded during the 2018/19 year – two of which were reported to the data-protection regulator.

Even more personal data breaches – a total of 31 – were recorded by DCMS over the course of 2017/18. One of these was reported to the ICO.

“No enforcement action has ever been taken against DCMS” by the watchdog, the department said.

Related content

• PM moves government data function from GDS to DCMS
• Report reveals massive spike in Home Office data breach reporting following GDPR
• NHS and government have highest levels of public trust on use of personal data, ICO finds

The decline in recorded data breaches over the last two years comes in contrast to many organisations, which have seen a marked rise in light of the May 2018 introduction of the EU General Data Protection Regulation.

The total number of breaches reported to the ICO from across all industries quadrupled after GDPR became law.

In 2017/18, which ended two months before the new legislation came into effect, UK organisations flagged a cumulative tally of 3,331 breaches to the regulator. During the following year, which included 10 months of GDPR, 13,840 incidents were reported.

Research last year from PublicTechnology showed that central government had also seen a large rise in the number of breaches. Across nine departments, a total of 3,522 incidents were recorded in 2017/18. This figure more than doubled the following year, to 7,490 – although the vast majority of these did not require reporting to the ICO.

The number of breaches suffered by DCMS is low compared with other departments which, in some cases, record hundreds or even thousands of incidents each year.

In 2018/19, the Ministry of Justice filed 4,777 breaches, ahead of the Home Office on 1,930, and the Ministry of Defence on 470.

Further research conducted this summer showed that about 500 incidents across Whitehall each year require the ICO to be notified.

Central government entities collectively reported 495 breaches to the regulator during the 2019/20 year. This represented a slight increase of 1.9% on the number that were reported in the prior year.

Following investigation, the ICO has required some form action on the part of the data controller in 10 cases. A further 35 are still under investigation, two are yet to be assigned to a caseworker, and 448 processes have concluded with no action required.