A data security breach can happen for a number of reasons which include:
Loss or theft of data or equipment on which data is stored
Unauthorised access and use of data
Unforeseen circumstances e.g. fire or flood
Network being hacked into
Data accessed by the organisation being deceived
In order to manage data protection breaches the following steps must be followed:
- Any breach of data protection should be reported immediately to staff member’s line manager.
- The Line Manager must then in turn report it in writing to the Data Controller Compliance Officer.
- Details of a breach should be reported accurately, including date and time the incident occurred, when it was detected, who reported the incident, details of any ICT system involved.
- The Data Controller Compliance Officer will notify the Data Protection Commissioner where relevant.
- Arrangements must be put in place by each section to notify the person(s) involved whose personal data has been breached.
- Following the Data Protection breach, the Data Controller Compliance Officer will investigate how the breach occurred, the implications of the breach and the measures required to prevent re-occurrence.
To contact the Data Controller Compliance Officer, please email email@example.com or telephone: 0761 06 5000.
The attention of all staff will be drawn to this policy through:
- Publication on the Intranet.
- Circulation to all Section Heads.