answer text |
<p>Her Majesty's Courts & Tribunals Service takes its responsibility for data
incidents very seriously and treats each case on its individual merits. Notifying
individuals of data breaches or incidents is considered, but is not a mandatory action
in every instance.</p><p> </p><p>Informing people and organisations about a breach
is not an end in itself. Notification should have a clear purpose, whether this is
to enable individuals who may have been affected to take steps to protect themselves
or to allow the appropriate regulatory bodies to perform their functions, provide
advice and deal with complaints.</p><p> </p><p>The above criteria is considered when
deciding whether or not to inform individuals or organisations of a data breach. In
relation to the incidents referred to in this PQ it is unclear, as no statistical
information has been retained, as to whether or not individuals were notified.</p><p>
</p><p>Guidance on data breach notification is set out by the Information Commissioners
Office (ICO) in the link below:</p><p> </p><p><a href="https://ico.org.uk/for-organisations/guide-to-data-protection/principle-7-security/"
target="_blank">https://ico.org.uk/for-organisations/guide-to-data-protection/principle-7-security/</a></p>
|
|