Key information
Request reference number: MGLA101024-2664
Date of response:
Summary of request
Request:
- The name of the system the GLA uses to record data breaches or incidents (as defined in the UK GDPR and Data Protection Act).
- A copy of the GLA’s data breach incident reporting procedure or policy.
- a. A record of how many data breaches were reported in the last 5 years, by year.
b. If possible, a detailed breakdown of the types, nature and severity of data breaches recorded.
c. Of these incidents, which were reported to the Information Commissioner's Office
Response:
I can confirm that the GLA holds information within the scope of your request.
Our responses are as follows:
1
The name of the system the GLA uses to record data breaches or incidents (as defined in the UK GDPR and Data Protection Act).
Excel
2
A copy of the GLA’s data breach incident reporting procedure or policy
See attached document “Personal Data Incident and Breach Policy” (v3, 2023)
3a
A record of how many data breaches were reported in the last 5 years, by year.
This information is available in the public domain for the last five full financial years.
You can find it in the GLA’s annual governance statement.
2023/24 13
2022/23 19
2021/22 4
2020/21 10
2019/20 19
Data breaches are also included in GLA performance reporting, which is more regularly published as part of the Budget and Performance Committee’s meeting papers.
3b, 3c
If possible, a detailed breakdown of the types, nature and severity of data breaches recorded. Of these incidents, which were reported to the Information Commissioner's Office.
Of the 65 breaches listed above, one was notifiable.
Related documents
Data Breach policy