What is a data security breach?
A data security breach is considered to be any loss of, or unauthorized access to, our data, involving personal data controlled and/or processed by us. Data security breaches include the loss or theft of data or equipment on which data is stored, inappropriate access controls allowing unauthorized use, human error (e.g. information sent to the incorrect recipient), hacking attacks, and ‘blagging’, where information is obtained by deception.
Managing a data security breach
Outlined below are the steps followed after the initial containment of the breach. The steps may run concurrently. During the management procedure, we keep records of what actions have been taken and by whom.
As soon as a data security breach has been detected or is suspected, we:
- Identify who should lead on investigating and managing the breach
- Establish who (within ResQ) should be aware of the breach
- Identify and implement any steps required to contain the breach
- Identify and implement any steps required to recover any losses and limit the damage of the breach
- Assess the risk of the breach
- If appropriate, inform the police
- Notify the data subjects whose data was leaked, lost, obtained or otherwise compromised due to the breach. Notification is done via email and without any unnecessary delay (always under 72 hours after detecting the breach)
After the immediate response to the detected or suspected breach, we:
- Investigate the cause of the breach
- Write a brief report on the cause(s) of the breach and recommendations to prevent similar breaches in the future
- Notify the data subjects affected by the breach about the cause of the breach and the actions we plan to take (or have already taken) to prevent similar breaches
- Take action to secure our systems and operations from similar breaches based on the given recommendations
In case you have any questions regarding our Breach Notification Procedure, please contact us at firstname.lastname@example.org.