Use this page to report one of the following types of breach to the ICO:

DPA security breach

Under the Data Protection Act (DPA), although there is no legal obligation on data controllers to report breaches of security, we believe that serious breaches should be reported to the ICO.

Report a data security breach (DPA)

Ffurflen hysbysu toriad diogelwch data

PECR security breach (for telecoms and internet service providers)

Under the Privacy and Electronic Communications Regulations (PECR), organisations who provide a service allowing members of the public to send electronic messages (eg telecoms providers or internet service providers) are required to notify us if a personal data breach occurs.

 Report a data security breach (PECR)

Unlawful use of personal data breach (section 55)

Use this form to report that data has been unlawfully obtained or accessed (a breach of section 55 of the Data Protection Act) to the ICO. 

Report a S55 breach