Speeches

Dan Jarvis – 2014 Parliamentary Question to the Ministry of Justice

The below Parliamentary question was asked by Dan Jarvis on 2014-03-18.

To ask the Secretary of State for Justice, how many breaches of security have been reported at (a) HM Courts Service, (b) the Land Registry, (c) the National Offender Management Service, (d) the National Archives, (e) the Office of the Public Guardian and (f) the Tribunals Service in each year since May 2010; and what procedures each agency follows when a breach of security involves the disclosure of personal data.

Shailesh Vara

The table below provides the number of centrally recorded security incidents (breaches of security resulting in actual or potential harm) that have occurred during each financial year since 1 April 2010.

01/04/2010-31/03/2011

01/04/2011-31/03/2012

01/04/2012-31/03/2013

01/04/2013-31/12/2013

HM Courts Service*

2,845

Tribunals Service*

577

HM Courts and Tribunals Service*

5,077

3,101

2,421

Office of the Public Guardian

679

446

485

389

The National Archives

3

1

5

0

The National Offender Management Service **

8,287

9,298

10,052

8,492

*HM Courts Service and the Tribunals Service merged in April 2011 and became HM Courts and Tribunals Service and therefore these details are not recorded separately.

** Includes the number of incidents involving physical security in prisons.

Responsibility for HM Land Registry was transferred to the Department for Business, Innovation and Skills in July 2011 and therefore the Ministry of Justice does not hold this information.

The figures include a wide range of types of incident, including loss of IT equipment (which would usually be password protected or encrypted to protect the information); verbal abuse and threats to court staff, judiciary and members of the public; and a wide variety of incidents in prisons.

The Department and its agencies apply robust incident management processes, including a requirement for staff to report breaches resulting in potential harm/loss to assets (information, people, buildings and equipment).

When a security incident involving the disclosure of personal data is identified prompt action is taken locally to limit harm and residual action is then taken to seek to alleviate further recurrence.