Self-assessment for data breaches
1. A personal data breach (PDB) can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. Have you determined whether a PDB has occurred?
Yes
2. Making your own assessment, does the breach involve the personal data of living individuals?
Yes
3. Following your own assessment, is there likely to be a high risk to individuals’ rights and freedoms?
No
4. How likely is it that the breach will result in a risk to individuals?
I'm not sure
5. Do you consider the data to be contained and the risk to data subjects mitigated?
To help you assess the risk to the data subject, you should consider whether the personal data concerned is contained, for example:
- Has any lost data been located?
- Was the data sent to a trusted recipient?
- Have you asked the recipient to return the data or securely dispose of it?
- Have steps been taken to confirm the recipient has returned or securely disposed of the data?
- Did the recipient proactively contact you to advise you of the breach?
- Was the data encrypted or password protected or now beyond use?
Taking into account the above points (which are not exhaustive), do you consider the data to be contained and the risk to data subjects mitigated?