Personal Data Breach

What is a personal data breach?

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is about more than just losing personal data.

If you think you’ve had a personal data breach – perhaps an email has been sent to the wrong person, a laptop was stolen from a car or you’ve lost files because of a flood – and you’re worried about what to do next, the Information Governance team can help.

Step one: Don’t panic

It’s understandable if you’re concerned about what happens next. But the Information Governance team are here to help you understand what happened and to prevent it happening again. Not every breach reported to us results in further action. The main aim is to provide advice to help you to avoid similar incidents in the future.

Step two: Start the timer and follow the process

Do not delay - follow the security incident reporting process and report the incident to the IT Service Desk without undue delay. The IT Service Desk can be contacted on 01255 686599 or via email at itservicedesk@tendringdc.gov.uk. By law, we must report a personal data breach to the ICO without undue delay (if it meets the threshold for reporting) and within 72 hours. The clock starts from when you discovered the breach, not when it actually happened. We might not end up needing to report it any further, but start a log anyway, to record what happened, who is involved and what you’re doing about it.

Step three: Find out what’s happened

Pull the facts together as quickly as possible. The Information Governance team will need to know facts about the incident as you uncover them. This could be things like what happened and why, how many people were involved, a timeline of when it all happened, and what actions you’ve taken so far. But don’t worry if you haven’t got all the information to hand straight away – the important part is letting the Information Governance team know as soon as possible what has happened, so that the incident can be assessed and contained, and a decision made on whether it needs to be reported, before 72 hours have passed. You can always provide more details later as part of a follow-up report if necessary.

Step four: Try to contain the breach

The priority is to establish what has happened to the personal data affected. If you can recover the data, do so immediately. Also, you should do whatever you can to protect those who will be most impacted. The Information Governance team will provide advice and support on this.

Step five: Assess the risk

The Information Governance team will assess what we feel the risk of harm is to those affected. By risk of harm, we mean any potential harm or detriment it may cause to people, e.g. safeguarding issues, identity theft or significant distress. You might be dealing with a simple mix-up where there’s little or no risk involved, or a serious breach that will have a lasting effect on people’s lives.

Step six: If necessary, act to protect those affected

If necessary, we should give specific and clear advice to the data subjects impacted by the breach on the steps they can take to protect themselves and what we can do to help them. If the Information Governance team assesses that there is no high risk to the people involved, then those people do not have to be alerted to the incident. If there’s a high risk, then by law we have to tell them without undue delay. The Information Governance team will provide advice and support on this.

Step seven: Submit a report to the Information Commissioner’s Office (if needed)

If the breach meets the threshold for being reported, the Information Governance team will need to report it to the ICO.

The Information Governance team and the IT Service Desk are available 8:45am – 5:15pm Monday to Thursday and 8:45am – 4:45pm Friday (excluding Public Holidays).

To report any security events/weaknesses or a data breach, please contact the IT Service Desk: ITServiceDesk@tendringdc.gov.uk or 01255 686599.

Please feel free to contact the Information Governance team for advice or assistance. We are here to help.

Telephone Support

Our team is available to call on:

Data Protection Officer: x6060 (internal), 01255 686060 (external)

Freedom of Information: x686063 (internal), 01255 686063 (external)

Email Support

Send us an email on:

Data Protection Officer: DPAOfficer@tendringdc.gov.uk

Freedom of Information: CorporateInfoManager@tendringdc.gov.uk

Author:
Charlene Haynes