You must immediately report breaches or potential breaches of personal data as soon as you become aware of them. This includes lost or stolen laptops, memory sticks or other mobile devices, and accidental disclosures of information, for example sending an email to the wrong recipient.
If you suspect that a data breach has, or may have, occurred, you should immediately report this by either:
- logging a job via Support Me – select the “Data Breaches” option (which is also searchable) and follow the simple instructions;
- contacting the SIZ by telephone or in person so that the breach can be logged;
- contacting the Data Protection Officer: DPOfficer@chi.ac.uk.
By following one of the above, key staff e.g. DPO, University Solicitor and Head of ICT Strategy & Architecture can be notified without delay. This will ensure the University’s Data Security Breach Management Process can be implemented, which will determine, amongst other things, whether the breach is reportable to the Information Commissioner’s Office (ICO), the UK’s data protection supervising authority. If the breach is reportable it must be reported within 72 hours of the reported incident.
You should provide, in outline, key information as follows when logging the breach, including:
- what information is involved, to whom it pertains and the number of individuals’ data involved
- what happened to it - lost, stolen, or inadvertently disclosed
- how the breach may have happened
- actions taken so far
How to log a data breach in Support Me
- From Support Me, select Log a request
- There are two ways to find the data breach template:
- Click in the filter by category box and select Data Breaches then OK
- Click into the search box and start typing data breaches
- Either way, you will see the option to Report a potential data breach, click Support Me
- Complete the fields, clicking Next as required
- When you reach the end of the form, click Submit (you must click submit for the call to be logged)