Have your say on how the details of data breaches are reported

The ICO is currently consulting on how to report the data it collects from data breach notifications.

Last year, the ICO created a dashboard for this purpose. The dashboard currently includes a summary of the trends that can be seen from the breach notifications received by the ICO. The dashboard presents information by quarter, sector and incident type.

The data the ICO analyses for this purpose comes primarily from the reports organisations make using the ICO’s breach reporting form. The form is quite detailed and, for example, asks whether the organisation has, or intends to, notify data subjects or other organisations of the breach. The ICO advises that, when making a breach notification, an organisation should ensure that all personal data has been redacted and is not reversible.

The ICO says that there are some legal and technical challenges that limit what it is able to collect and publish. However, it is committed to proactively publishing more of the data where it is justified. Organisations may have concerns over what data is included in the dashboard from their breach notifications.

Feedback can be sent to the ICO by 5pm on 30 April 2022.

See: ICO - Call for views: data security incident trends