Guidance for members of University staff on reporting a potential data protection breach Document Breach Evaluation Form (190.22 KB / RTF) How to report a potential data protection breach It is the responsibility of any member of staff who discovers a personal data incident to report it immediately by email to the Data Protection Officer at dpo@ed.ac.uk. The email subject line should state ‘breach’. Staff members who report a data protection breach will be asked to complete Part A of the Data Protection Breach Response Evaluation Form within 24 hours of discovering the potential breach involving personal data. When you return the form you should ensure that you copy your email to the head of your school or service area and to your local Data Protection Champion(s). If you require IS User Services Division to delete an email sent in error, please initiate a Unidesk call. Data Protection Champions How to recognise a potential data protection breach Data protection law defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.” Incidents resulting in the temporary loss or unavailability of personal data may still constitute a personal data breach. Personal data is information about a living, identifiable individual. Definitions Data protection breach procedure The University’s procedure for dealing with data protection breaches is set out in section 17 of the Data Protection Handbook. The Handbook also contains examples of data protection breaches. All individuals who access, use or manage the University’s information are responsible for following these guidelines and for reporting any data protection incidents that come to their attention. Data Protection Handbook This article was published on 2023-11-09
