It is your responsibility to ensure that you are handling personal data in an effective, secure way. However, even with the best security and processes in place, sometimes personal data may be leaked, lost or stolen. This could happen in a variety of ways:
- You email a file containing personal data to the wrong person
- Storage devices holding personal data, such as a laptop or USB drive, are lost or misplaced
- Paper files holding personal data are lost or misplaced
- A malicious attack on computer systems or databases to steal personal information
- Personal data is accidentally deleted and is not recoverable
What to do in the event of a data breach
Under GDPR, in the event of a data breach a report needs to be made to the authorities within 72 hours. Imperial College Union has a process for dealing with data breaches.
If you discover that you have lost or deleted data or your systems have been breached (or you suspect that this is the case but aren't sure), you should report this immediately using the ICU Data Breach form.
You should also make direct contact with the Union by coming into the office or phoning Union reception as soon as possible. You should try to provide as much information as you can about the breach so action can be taken to mitigate the effects, recover the data or report the incident to the police if necessary. Further information may be required on the extent of the breach before and after this is reported to the Information Commissioner's Office (ICO). The Union will work closely with the College breach team on the response to any data breaches.
More information on data breaches can be found on the Information Commissioner's Office (ICO) Data Breach page.
Out of office hours: firstname.lastname@example.org