Guidance #
New data protection legislation requires all organisations to report certain types of data breach to the relevant supervisory authority (ICO – Information Commissioner’s Office) within 72 hours, and in some cases to the individuals affected.
If you know or suspect that a Data Breach has occurred, do not attempt to investigate the matter yourself. Immediately report the incident. You should preserve all evidence relating to the potential Data Breach.
Definitions #
Data Breach #
A personal data breach means the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This means that a breach is more than just losing personal data.
Personal Data #
Any information identifying a Data Subject or from which we could identify a Data Subject. Personal Data includes “Special Categories” of sensitive personal data and Pseudonymised Data but not anonymised data (data where any identifying elements have been removed).
Special Categories of Personal Data #
This is a subset of Personal Data and includes any information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life or sexual orientation, biometric or genetic data, and Personal Data relating to criminal offences and convictions.
Policies #
The University’s full data protection policy is available on the University’s website.