For organisations Report a breach Data security breach (PECR) Report a data security breach Share(Opens Share panel) Share this page Share via Reddit Share via LinkedIn Share via email What information are you providing? * Completed monthly log Initial notification of a security breach (within 24 hours) Second notification with further detail (within 3 days) Follow-up notification with outstanding details Monthly log If there have been personal data breaches, please attach your completed breach log below. If there have not been any personal data breaches during this month, you can email a 'nil return' to datasecuritybreach@ico.org.uk. As nil returns do not need to be sent securely, you do not need to use this form. Breach log * Cancel We accept Excel, Word and Open Office spreadsheet and document files, CSVs and text-based files. Maximum of 2 MB. Initial notification of a security breach Use this form for the first notification within 24 hours of detecting a breach. When did this breach occur? Please enter a valid date in the format dd/mm/yyyy On or between ... * Please enter a valid date in the format dd/mm/yyyy ... and * Please enter a valid date in the format dd/mm/yyyy When was the breach first detected? * Briefly describe the breach (eg theft, loss, copying) * What is the nature and content of the personal data concerned? * What technical and organisational security measures have you applied (or were to be applied) to the affected personal data? * Were other providers involved? * Information to provide now if possible You should provide the following information now, if possible. If not, you must send a second notification form within three days. Second notification of a security breach (providing further detail) You should have already sent an initial notification with as much information as possible. Please now provide further detail. For each question, please add any further details since your initial notification. Please tell us if any details have changed. If you cannot provide any of the information we ask for now, you should explain why, and send a follow up form as soon as possible. Follow up notification with any outstanding details You should have already sent an initial notification and second notification with as much information as possible. Please now provide any further remaining details. When did this incident occur? Please enter a valid date in the format dd/mm/yyyy On or between ... * Please enter a valid date in the format dd/mm/yyyy ... and * Summarise the incident that caused the breach Did the breach occur in response to a Regulation of Investigatory Powers Act request? * Yes No What was the physical location of the breach and the storage media involved? How many individuals were affected? What are the potential consequences and adverse effects on those individuals? What technical and organisational measures have you taken to mitigate those potential adverse effects? Please provide the content of any notification to customers (you can attach this at the end of this form or provide it here) How were customers notified (eg by email)? How many customers were notified? Does the breach affect individuals in other EU member states? If so, which states? Have you notified any other data protection authorities (if so, which ones)? Have you provided all the information we have asked for? * Yes No Please attach any other relevant supporting information Cancel We accept Word, Excel and other MS Office and Open Office files, image files, and text files. Up to 2 MB per file About you (the service provider) Organisation name * Who should we contact? Name * Job title * Email * Confirm email * Phone * Address Search for an address Street * Line 1 Line 2 Line 3 Town or city County Postcode * Country * Afghanistan Albania Algeria Andorra Angola Antigua and Barbuda Argentina Armenia Australia Austria Azerbaijan Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bhutan Bolivia Bosnia and Herzegovina Botswana Brazil Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Central African Republic Chad Chile China Colombia Comoros Congo Congo (Democratic Republic) Costa Rica Croatia Cuba Cyprus Czechia Denmark Djibouti Dominica Dominican Republic East Timor Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Eswatini Ethiopia Fiji Finland France Gabon Georgia Germany Ghana Greece Grenada Guatemala Guinea Guinea-Bissau Guyana Haiti Honduras Hungary Iceland India Indonesia Iran Iraq Ireland Israel Italy Ivory Coast Jamaica Japan Jordan Kazakhstan Kenya Kiribati Kosovo Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Mauritania Mauritius Mexico Micronesia Moldova Monaco Mongolia Montenegro Morocco Mozambique Myanmar (Burma) Namibia Nauru Nepal Netherlands New Zealand Nicaragua Niger Nigeria North Korea North Macedonia Norway Oman Pakistan Palau Panama Papua New Guinea Paraguay Peru Philippines Poland Portugal Qatar Romania Russia Rwanda Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Korea South Sudan Spain Sri Lanka St Kitts and Nevis St Lucia St Vincent Sudan Suriname Sweden Switzerland Syria Tajikistan Tanzania Thailand The Bahamas The Gambia Togo Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States Uruguay Uzbekistan Vanuatu Vatican City Venezuela Vietnam Yemen Zambia Zimbabwe Submit