The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Detecting, managing and recording incidents and breaches

You have procedures in place to make sure that you detect, manage and appropriately record personal data incidents and breaches.

Ways to meet our expectations:

  • You have appropriate training in place so that staff are able to recognise a security incident and a personal data breach.
  • A dedicated person or team manages security incidents and personal data breaches.
  • Staff know how to escalate a security incident promptly to the appropriate person or team to determine whether a breach has occurred.
  • Procedures and systems facilitate the reporting of security incidents and breaches.
  • Your organisation has a response plan for promptly addressing any security incidents and personal data breaches that occur.
  • You centrally log/record/document both actual breaches and near misses (even if they do not need to be reported to the ICO or individuals).
  • The log documents the facts relating to the near miss or breach including:
    • its causes;
    • what happened;
    • the personal data affected;
    • the effects of the breach; and
    • any remedial action taken and rationale.

Can you answer yes to the following questions?

  • Could staff explain what constitutes a personal data breach?
  • Do they know how to report incidents?
  • Would a sample of how you manage incidents demonstrate adherence to the policy and procedures?