FOI reference: FOI-2025-2808

You asked

Please could I receive the following:

  1. The number of times confidential or sensitive government information placed into an AI Chatbot has caused a data breach or cyber security incident between 01/01/22 and the day this request is processed.
  2. If possible, please include the nature of each incident, the number of individuals affected (if applicable), and any outcomes or remedial actions taken.
  3. The number of times personal or private information placed into an AI Chatbot has caused a breach in GDPR regulation between  01/01/22 and the day this request is processed.
  4. If possible, please include the nature of each incident, the number of individuals affected (if applicable), and any outcomes or remedial actions taken.
  5. Which AI Chatbot tool the department allows civil servants and ministers to use, or if applicable any bespoke AI Chabot the department uses.

We said

Thank you for your request.  

Currently ONS is not using Generative AI within its live statistical production. We are exploring the possibilities for the future and have a robust AI governance process in place to ensure this is done in a safe and secure manner.  

Regarding questions 1 to 4, we can confirm that there have been no data breaches, cybersecurity incidents, or breaches in GDPR regulation linked to the use of ONS data in AI chatbots.  

In relation to question 5, we have implemented Microsoft 365 Copilot chat for all employees, and the use of any other chatbots is prohibited.