Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, whether the broadband provider BRSK has recently contacted her Department regarding a customer data breach.

BRSK has not recently contacted my department regarding a customer data breach. I understand BRSK has reported a data breach to the Information Commissioner’s Office (ICO), the UK’s independent regulator for the Privacy and Electronic Communications Regulations (PECR).

Under PECR, public electronic communications service providers are required to take appropriate technical and organisational measures to safeguard the security of their services. They are required to notify the ICO of any personal data breach without undue delay, and where feasible, not later than 72 hours after having become aware of the breach.