Data Breach Information

In line with data protection laws, the University is required to report data breaches to the Information Commissioner within 72 hours of becoming aware of an incident. To comply with this requirement, all University staff are responsible for ensuring that any breach involving personal data is reported immediately to the Data Protection Officer by completing and submitting a Data Breach Form.

Data protection law defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.” 

Examples of breaches could include:

  • An email containing personal data being sent to the incorrect recipient
  • Accidental loss of files or documents containing personal data
  • Theft of a University laptop holding personal data
  • An attack on the University network that enables an unauthorised individual to access personal information.

When reporting a breach, the individual should provide as much information as possible to enable the Data Protection Officer to assess the severity of the breach and decide on the appropriate course of action. Further information can be found within the Data Incident Procedure.

If appropriate, staff should contact IT Support via the PoB system if the breach involves an IT System or if there are measures that IT Services could take to contain or reduce the impact of the incident.