Public Statement:

Data Protection Authority opens Inquiry into data breach at the Director of the Revenue Service

Published: 29 April 2024

The Data Protection (Bailiwick of Guernsey) Law, 2017
Public Statement
Issued: 11am Monday 29 April 2024
Controller: The Director of the Revenue Service
 
The Data Protection Authority (‘the Authority’) has opened an inquiry into a data breach at the Director of the Revenue Service, alleged to involve a significant volume of personal information.
 
The decision to initiate this inquiry under section 69 of The Data Protection (Bailiwick of Guernsey) Law, 2017 has been made following consideration of a breach notification submitted to the Authority by the Director of the Revenue Service and seeks to establish whether the Director of the Revenue Service has breached an operative provision of the Law. Not all breach notifications result in investigations or inquiry. They are assessed on their particular fact and risk situations.
 
The outcome of the Authority’s inquiry should not be speculated on, or its conclusion pre-judged. No further comment will be made at this time.
 
Legal Framework
1. This is a public statement made by the Data Protection Authority under section 64 of The Data Protection (Bailiwick of Guernsey) Law, 2017.
2. The Authority may conduct an inquiry (under section 69 of the Law) where there are concerns about a controller’s activities or their compliance under the Law.
3. In this case, the controller is The Director of the Revenue Service.