Personal Data Incident & Breach Management
What is a personal data breach?
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. A personal data breach can cover a lot more than just ‘losing’ personal data. Personal data breaches include incidents that are the result of both accidents (such as sending an email to the wrong recipient) as well as deliberate acts (such as phishing attacks to gain access to customer data).
A personal data breach occurs in incidents where personal data are lost, destroyed, corrupted, or illegitimately disclosed. This includes situations such as where someone accesses personal data or passes them on without proper authorisation, or where personal data are rendered unavailable through encryption by ransomware, or accidental loss or destruction.
If you think a personal data incident or data breach has occurred, you need to act promtly, time is of essence. See our UCD Data Incident Response Flow Chart. Inform your line manager and the UCD Office of the DPO (email@example.com)
- UCD DP Incident Reporting Guidance document
- UCD_DP_Incident_Report_Form_Jun_2019 (word)
- UCD sample template for personal data breach notification to affected individuals