A data security breach can happen for a number of reasons which include but not limited to:
Loss or theft of data or equipment on which data is stored
Unauthorised access and use of data
Unforeseen circumstances e.g. fire or flood
Network being hacked into
Unlawful destruction of files
In order to manage data protection breaches the following steps must be followed:
1. Any breach of data protection should be reported immediately to staff member’s line manager and section head.
2. The Line Manager must then in turn report it to the Data Protection Officer.
3. Details of a breach should be reported accurately, including date and time the incident occurred, when it was detected, who reported the incident, details of any ICT system involved.
4. The Data Protection Officer will notify the Data Protection Commissioner where relevant within 72 hours.
5. Arrangements must be put in place by each section under direction from the DPO to notify the person(s) involved whose personal data has been breached.
6. Following the Data Protection breach, the Data Protection Officer will investigate how the breach occurred, the implications of the breach and the measures required to prevent re-occurrence.
To contact the Data Protection Officer - please email email@example.com
The attention of all staff will be drawn to this policy through:
1. Publication on the Intranet.
2. Circulation to all Section Heads
Link to Data Protection Commissioners Website – Data Breach Guidance