Most data breaches result from 'accidental loss' eg leaving confidential information on a train, losing a device with access to confidential information or sharing confidential information with the wrong people.
Data breaches could affect individuals and harm UWE Bristol.
If you suspect a breach
- Report it immediately to the IT Service Desk.
If in doubt, shout! Report it anyway.
- Change your password immediately.
You can change your password using the self-service password reset.
- Remotely wipe
Don't delay, the longer you leave it the greater risk. The University is required to report personal data breaches to the Information Commissioner's Office (ICO) within 72 hours.
How to avoid a data breach
- Before you process personal data, you must consider if a Data Protection Impact Assessment should be completed.
- Provide individuals with a Privacy Notice describing all the privacy information that you make available or when you collect information about them.
- Process data in line with Data Protection Policy (PDF).
- Promote a clear desk policy.
- Lock physical confidential information away.
- Lock your computer.
- Delete unnecessary information.
- Have adequate security measures in place to protect data and devices.
- Take extra care when emailing personal data.
Examples of data breaches
- Unauthorised/inadvertent disclosure of personal or confidential information verbally.
- Lost or stolen device, laptop, phone or unencrypted memory stick that contains personal or confidential data.
- An email containing personal or confidential data sent to the wrong recipient(s).
- Unauthorised/inappropriate access to personal or confidential data in IT systems.
- Documents or data containing personal or confidential data that are:
- lost or stolen
- found in non-secure/public area
- not stored or disposed of securely.