Reporting data protection and information security incidents
For any incident involving inappropriate disclosure of personal data or other sensitive information (eg highly restricted information), contact the Information Governance Office immediately:
For lost/stolen data storage devices (eg PC, laptop, tablet, USB stick, smart phone) contact the Information Governance Office firstname.lastname@example.org and the University Security Office on 0161 306 9966 (the number is on the back of all staff/student ID cards).
Reporting of incidents and ‘near misses’ should be viewed positively as it will allow the University to analyse trends, rectify vulnerabilities and thereby reduce the likelihood or impact of future incidents.
What information do I need to report?
Please include the following information so the IGO can triage your incident:
- Faculty/School/Department involved in the breach
- The date and time the incident occurred
- The date and time the incident was discovered
- How the incident was discovered
- A brief summary of the incident
Further information may be required once the initial triage process has taken place and you will be advised accordingly by the IGO staff member dealing with your incident.
Examples of incidents include:
- Information sent to incorrect recipient(s)
- Data quality or input error resulting in a breach
- Excessive information exposed in error
- Information damaged, accidentally destroyed or deleted
- Information left unattended
- Information published or made available in error
- Loss or theft of a device
- Malicious disruption to a system (e.g. computer virus)
- Ransomware attack
- Social engineering (e.g. phising, vishing, smishing)
- Unauthorised use or misuse of a system and or information
Data breaches can cause real harm and distress to the individuals involved and can provide the opportunity for identity fraud, so it’s important that incidents are reported as quickly as possible.