A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. In plain English, this is a security incident that has affected the confidentiality, integrity or availability of personal data.
It will be considered a data breach if any personal data is lost, destroyed, corrupted or disclosed, if someone accesses the data or passes it on without proper authorisation, or if the data is made unavailable.
Here are a few of our thoughts on the common questions we get asked about data breaches.
When should we tell the ICO about a data breach?
The current data protection regime sets out that the ICO should be notified when a breach is likely to result in a risk to individuals’ rights and freedoms.
When assessing this risk, businesses should consider the specific circumstances of the breach including the severity and impact of the risk. Some things to consider are the type of breach, the nature and sensitivity of the data, the volume of data, the number of people affected and the severity of the consequences.
An example of where a breach is unlikely to result in such a risk may be where personal data are already publicly available. In other words, where the disclosure does not constitute a further risk to the individual.
Should we tell the data subject about the breach?
As with the requirement to inform the ICO, the requirement to inform the individuals whose data has been breached is triggered when the breach is likely to result in a high risk to their rights and freedoms.
Businesses should consider the factors suggested above when assessing the need to inform the data subject.
How long have I got?
In short, not long! A controller must notify a data breach without undue delay and no later than 72 hours after having become aware of the breach.
This means businesses should train their staff in identifying breaches and encourage them to speak up when they become aware of one.
If data protection is playing on your mind or if you are not sure about something, get in touch and we will be pleased to assist.