B e Cyber Secure IASME Policies What to do if there is a Data Breach Clare Vale will inform the ICO using one of the methods detailed in section 1.1.4 How to report. This must be done within 72 hours of the data breach occurring. 1.1.1 When to Report A data breach should only be reported if the compromised information consists of data that is not already on the public domain. Any breach that poses a risk to customer, employee or business related information and could incur Reporting a Data Breach. 1.1.2 Outline Under the compliance of GDPR, a data breach will become mandatory and will need to be reported to the Information Commissioner within 72 hours. A data breach could refer to: • The loss of a USB stick; • The theft of equipment; • Data being destroyed or sent to the wrong address; • unauthorised disclosure of sensitive/confidential data; • Device/network becoming compromised; • Hacking; This policy sets out the procedure to ensure that consistent and effective approaches are in place for managing a data breach. 1.1.3 Responsibilities All Employees at Sign Solutions are responsible for reporting a data breach to Clare Vale. For contact information, please see below: Name: Clare Vale Telephone: 07917 045 518 E-Mail: [email protected] Emotional, physical or financial distress should be reviewed to determine if the breach shall be reported. Where there is little risk that individuals would suffer significant detriment, for example because a stolen laptop is properly encrypted or the information that is the subject of the breach is publicly- available information, there is no need to report. If the breach occurs out of normal working hours, it must be reported as soon as practically possible. 02.31.05.2020 Commercial in Confidence
B e Cyber Secure IASME Policies 1.1.4 How to report In the event of a data breach the Information Commissioner’s office (ICO) should be notified, this can be done through the following means: • Calling ICO on 0303 123 1113; • Emailing [email protected]. • Use a security breach notification form, this can be found here https://ico.org.uk/media/fororganisations/documents/2666/security_breach_notification_f orm.doc • By post on: Wycliffe House, Water Lane, Wilmslow, and Cheshire, SK9 5AF; 1.1.5 Information needed The information that will need to be provided is: • When the data breach occurred; • How the data breach was found; • Who will or may be affected by the data breach; • What is being done as a result of the breach; • Who should be contacted if more information is needed; • Who else has been informed of a data breach; If you have any queries about this privacy and cookies policy, please contact Clare Vale – Managing Director. [email protected]. 0843 178 0783. Sign Solutions, Unit 1, Rectory Court, Old Rectory Lane, Alvechurch, Birmingham B48 7SX. 02.31.05.2020 Commercial in Confidence
Search
Read the Text Version
- 1 - 2
Pages:
