Staffnet-Headertxt
Cymraeg Cymraeg

Data Breaches

Do your part, be data smart!

As a Council, we collect a lot of personal data about those who use our services. Sometimes things can go wrong, and personal data can be used incorrectly or given to an unintended recipient. When this happens, it means a data breach may have occurred.

If you think there might have been a data breach, the Information Governance Team are here to help. They can offer advice and support, and will help you throughout.  

We have created this page to help you learn:

 

Data Protection Training 

All staff are required by the Information Commissioner's Office (ICO) to regularly review and update their knowledge of the Data Protection Principles, this ensures you are fully equipped to deal with any data that you handle. 

The Data Protection Learning Module is in iDev and covers personal information, data protection and data breaches. Log in now to check that you are all up to date with your learning or just to refresh your knowledge.

 

What is a data breach

What is a data breach

A data breach is defined as 'a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed'.

 

Some examples of different types of data breaches are:

  • Accidentally sending personal information to the wrong person by getting an e-mail address wrong, or including additional participants to an e-mail that did you not mean to
  • A Laptop that contains personal information being lost or stolen
  • Accidentally leaving personal information somewhere
  • Someone looking over your shoulder in a public place and seeing personal data on your laptop
  • A cyberattack that prevented access to or destroyed records
  • Unauthorised or accidental alteration of personal data

 

The Information Commissioner's Office (ICO) have published helpful case studies on various breaches:

 

When to report a data breach

When to report a data breach

If you think there may have been a data breach, get in touch with the Information Governance Team as soon as possible.

The Team are here to help and no question is too small or problem too big. Whilst the Council expects staff to be careful when handling personal data it also understands that due to the amount of data we handle it is inevitable that from time to time a data breach may occur. 

Telling the Information Governance Team as soon as you know means that they can help you determine what needs to be done and assist in guiding you to any further actions that might be necessary. They can also give you guidance on what to consider and discuss with you how breaches might be prevented in the future. 

The Team also consider patterns and trends to determine if organisational changes need to be made.

 

How to report a data breach

How to report a data breach

Report data breaches to the Information Governance Team:

 


This mailbox is monitored Monday - Friday, from 8.30am to 5pm. The mailbox is monitored by multiple people from the information Governance Team. A member of the team will consider your email and get back to you. Please make sure you are available. Try to avoid sending notifications at 5pm on a Friday and then signing off for the day.

 

Please tell the team:

  • What has happened
  • When the breach occurred and when you became aware of it
  • What personal information you think was disclosed (for example, name, age, address, date of birth, union membership, etc.)
  • What actions you have taken so far, if any

 

The team will give you advice on what to do. In some instances you may need to report a breach to the ICO. The team will help you with this.