THE leak that saw the Brexit department pass an MSP's constituent case to a Tory MP has not been reported to the data watchdog, The National can reveal.
Keith Brown has urged the head of the civil service to investigate the sharing of MSPs' correspondence by Westminster departments after a matter raised by him on behalf of a local businessman was passed to the office of Luke Graham MP.
The businessman had not contacted Graham's office and Clare Moriarty, Permanent Secretary to the Department for Exiting the European Union (DExEU), said a member of her staff was responsible. She said action has been taken and Graham – who argued Brown should have told him about the matter anyway – has been asked to delete all records relating to the case.
READ MORE: SNP call for data breach probe after leak to Scottish Tory MP
Now The National can reveal that DExEU did not report the matter to the independent Information Commissioner's Office (ICO), which can issue fines for data breaches.
Data controllers within organisations are responsible for reporting these to the ICO on a case-by-case basis, depending on the perceived risk to the public.
The ICO said: “Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach unless it does not pose a risk to people’s rights and freedoms.
"If an organisation decides that a breach doesn’t need to be reported they should keep their own record of it, and be able to explain why it wasn’t reported if necessary.
"If anyone has concerns about how their data has been handled, they can report these concerns to us."
Why are you making commenting on The National only available to subscribers?
We know there are thousands of National readers who want to debate, argue and go back and forth in the comments section of our stories. We’ve got the most informed readers in Scotland, asking each other the big questions about the future of our country.
Unfortunately, though, these important debates are being spoiled by a vocal minority of trolls who aren’t really interested in the issues, try to derail the conversations, register under fake names, and post vile abuse.
So that’s why we’ve decided to make the ability to comment only available to our paying subscribers. That way, all the trolls who post abuse on our website will have to pay if they want to join the debate – and risk a permanent ban from the account that they subscribe with.
The conversation will go back to what it should be about – people who care passionately about the issues, but disagree constructively on what we should do about them. Let’s get that debate started!
Callum Baird, Editor of The National
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here