Would you recognise a personal data breach? It’s not only about sending an email to the wrong person. A breach is where you have lost personal data; sent to the wrong person; deleted or corrupted data; or you have accessed information to which you have no entitlement.
It is important to remember that we all have access to personal data, but we only have this access in order to do our job. You must only access personal data to which you have entitlement to see. Where you access personal data that you shouldn’t, you may have committed a personal data breach or a criminal offence.
If you think this has happened, the first thing to do is inform the Information Governance team. We will then undertake a risk assessment to determine the next steps, including letting affected individuals know.
You must always report a suspected personal data breach to the Information Governance Team– we need to hear about it so that swift action can be taken. The UK General Data Protection Regulation requires that we record all personal data breaches and consider whether to report to the Information Commissioner.
If you have any questions about personal data breaches, please contact the Information Governance team at dpa@abdn.ac.uk