Data breaches

Most data breaches result from 'accidental loss', for example:

  • leaving confidential/personal information on a train
  • losing a device with access to confidential/personal information
  • sharing confidential/personal information with the wrong people.

Data breaches could affect individuals and harm UWE Bristol.

Report an incident or breach via our online form
Close up of a seated person typing on a phone

If you suspect a breach

  • Report it immediately to the Data Protection Office via our online form or calling the IT Service Desk on +44 (0)117 328 3612.
    If in doubt, shout! Report it anyway.
  • Change your password immediately.
    You must change your password if you suspect a data breach or that it has been compromised.
  • Remotely wipe (staff login required) UWE Bristol managed mobile devices that are lost or stolen.
    The IT Service Desk will assist you with this if you are unsure.

Don't delay, the longer you leave it the greater risk. The University is required to report personal data breaches to the Information Commissioner's Office (ICO) within 72 hours.

How to avoid a data breach

  • Before you process personal data, you must consider if a Data Protection Impact Assessment should be completed.
  • Provide individuals with a Privacy Notice describing all the privacy information that you make available or when you collect information about them.
  • Process data in line with Data Protection Policy (PDF).
  • Promote a clear desk policy.
  • Lock physical confidential information away.
  • Lock your computer.
  • Delete unnecessary information.
  • Have adequate security measures in place to protect data and devices.
  • Take extra care when emailing personal data.

Examples of data breaches

  • Unauthorised/inadvertent disclosure of personal or confidential information verbally.
  • Lost or stolen device, laptop, phone or unencrypted memory stick that contains personal or confidential data.
  • An email containing personal or confidential data sent to the wrong recipient(s).
  • Unauthorised/inappropriate access to personal or confidential data in IT systems.
  • Documents or data containing personal or confidential data that are:
    • lost or stolen
    • found in non-secure/public area
    • not stored or disposed of securely.

Passwords

Follow our guidance to ensure you always use secure passwords. They reduces the risk of data breaches and protects you from many threats such as identity theft.

Multi-factor authentication (MFA)

MFA adds an additional layer of security on your account and is quick and easy to set up.
A password combined with MFA greatly increases security.

Set up your security profile to enable MFA.