A data breach is defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This means that a data breach is more than just losing personal data.
You must report data breaches to the council’s Data Protection Officer (DPO) as soon as you become aware of them. There is a strict requirement on us to notify reportable breaches to the Information Commissioner’s Office without undue delay and within 72 hours. The clock starts ticking for our Data Protection Officer to make a report to the Information Commissioner’s Office as soon as we become aware of the data breach.
Delays in reporting breaches or suspected data breaches to the council mean that there is less time to investigate these matters and take appropriate action to mitigate any harms which may be caused to the individuals affected.
Please ensure that any data breaches reported include an accurate summary of the personal data involved and the number of people affected. Remember to respond promptly to any further questions asked by the Data Protection Officer.
Data breaches can have a significant detrimental impact on individuals and organisations, so please do all you can to enable us to respond efficiently and well within the reporting requirements.
Our Data Breach Policy has details on detecting and responding to personal data breach occurrences.