FOI request (FOIR-537388904)
Reported Data Breaches to the ICO
Requested Mon 07 August 2023
Responded Wed 23 August 2023
Following the breach of data protection regulations which released over 300 email addresses as reported:
The regulations require that businesses must report any data breaches to the Information Commissioner's Office within 72 hours if they have 'potential negative consequences for individuals'.
Please provide details of all data breaches reported by HBC to the ICO since May 2018.
Details should include date of the breach, nature of the breach, and what mitigation has been made to prevent further repeats of the breach.
Breach 1 Date: 04/06/2018 Nature: Precautionary report to ICO - Mitigations: Not applicable - Investigation revealed there was no breach
Breach 2 Date: 18/06/2019 Nature: Letter sent to incorrect correspondence address - Mitigations: Refresher training for staff on checking correspondence addresses
Breach 3 Date: 03/06/2021 Nature: Letter sent to incorrect correspondence address - Mitigations: Refresher training for staff on creating correspondence addresses
Breach 4 Date: 14/06/2023 Nature: Group email CC'ed rather than BCC'ed - Mitigations: Recipients contacted and asked to delete the email
Breach 5 Date: 29/06/2023 Nature: Partially redacted document released - Mitigations: Recipients contacted and document recovered, Refresher GDPR training to be completed by the team
Freedom of Information