What should I do if there is a data breach?
The following actions should be taken when a breach occurs:
1. Containment/mitigation – If it is possible to retrieve the information, retrieve it as soon as possible. This could involve:
- recalling an email sent in error
- taking down a webpage
- asking incorrect recipients of an email to delete it and not to share it with anyone
- informing IT Services if an account has been hacked/compromised.
2. Reporting – Report to the University’s Assurance and Data Protection Office without delay using our Data Incident Evaluation Form.
3. Assessing the risks – using the information provided in the Data Incident Evaluation Report, the Assurance and Data Protection Office will investigate the incident and assess any risks associated with the breach, including the potential adverse consequences for the affected individuals (data subjects); how serious or substantial these are; and how likely they are to happen.
4. Notification – The Assurance and Data Protection Office will advise you whether any of the affected data subjects need to be notified and why. They will also assess whether the severity of the breach meets the threshold for reporting to the Information Commissioner’s Office (ICO); other regulatory bodies; or other third parties, such as the police.
5. Lessons learned and final outcome – The Assurance and Data Protection Office will advise on how to avoid a repeat of the incident, e.g. what improvements could be made to processes, additional training, etc. It is important to learn from the incident and update any relevant processes/policies accordingly.
Please read the University’s Data Breach Policy.
Detailed guidance on data breaches is provided by the Information Commissioner.