Skip to main content Skip to accessibility
This website is not compatible with your web browser. You should install a newer browser. If you live in Jersey and need help upgrading call the States of Jersey web team on 440099.
Government of

Information and public services for the Island of Jersey

L'înformâtion et les sèrvices publyis pouor I'Île dé Jèrri

  • Choose the service you want to log in to:


    Update your notification preferences


    Access government services


    Clear goods through customs or claim relief

  • Talentlink

    View or update your States of Jersey job application

Data protection breaches (FOI)

Data protection breaches (FOI)

Produced by the Freedom of Information office
Authored by States of Jersey and published on 21 December 2017.


Please tell me, each year for the past five years:


How many data protection breaches have there been in the Health and Social Services Department?


The type of information and number of records


The circumstances of the data loss / release / corruption


i) Whether the breach was reported to the Information Commissioner

ii) What action, if any, the Information Commissioner took


A to C

The table below outlines the number of data breaches per year in the Health and Social Services. Each breach has been aligned to one of the eight Data Protection principles in order that the circumstances of the breach be shown:

​Data Protection Principle* ​20132014​2015​2016​2017​


Please note that the data above has been gathered from the internal reporting system and is based on all types of records held within Health and Social Services. These include medical records, social services records, first response records, and pharmacy records and so on. Each instance shown above represents one record.

Please also note that due to the small numbers represented above, Article 25 of the Freedom of Information (Jersey) Law 2011 has been applied and numbers are shown as fewer than 5 (<5). This is to protect the privacy of individuals.

*The Data protection Principles are as follows:

​Data Protection Principle
​1​Personal data shall be processed lawfully and fairly
​2​Personal data shall be obtained only for one or more specified purposes, and shall not be further processed in a manner incompatible with that purpose or purposes
​3​Personal data shall be adequate, relevant and not excessive in relation to the purpose that it was collected
​4​Personal data shall be accurate and, where necessary, kept up to date
​5​Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes
​6​Personal data shall be processed in accordance with the rights of data subjects under this law
​7​Appropriate technical and organisational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
​8​Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data



In the years between 1 January 2014 and 30 November 2017, six breaches have been reported to the Information Commissioner’s Office. Less than five enforcement notices have been issued by the Office of the Information Commissioner.

All other breaches have been managed internally and the Health and Social Services Department continuously reviews procedures and policies to seek improvement.

Exemptions applied

Article 25 Personal information

(1) Information is absolutely exempt information if it constitutes personal data of which the applicant is the data subject as defined in the Data Protection (Jersey) Law 2005.

(2) Information is absolutely exempt information if –

(a) it constitutes personal data of which the applicant is not the data subject as defined in the Data Protection (Jersey) Law 2005; and

(b) its supply to a member of the public would contravene any of the data protection principles, as defined in that Law.

Back to top
rating button