Skip to navigation | Skip to main content | Skip to footer
Menu
Search the Staffnet siteSearch StaffNet

Reporting data protection and information security incidents

For any incident involving inappropriate disclosure of personal data or other sensitive information (eg highly restricted information), contact the Information Governance Office immediately:

Email infosec@listserv.manchester.ac.uk

For lost/stolen data storage devices (eg PC, laptop, tablet, USB stick, smart phone) contact the Information Governance Office infosec@listserv.manchester.ac.uk and the University Security Office on 0161 306 9966 (the number is on the back of all staff/student ID cards).

Reporting of incidents and ‘near misses’ should be viewed positively as it will allow the University to analyse trends, rectify vulnerabilities and thereby reduce the likelihood or impact of future incidents.

What information do I need to report?

Please include the following information so the IGO can triage your incident:

  • Faculty/School/Department involved in the breach
  • The date and time the incident occurred
  • The date and time the incident was discovered
  • How the incident was discovered
  • A brief summary of the incident

Further information may be required once the initial triage process has taken place and you will be advised accordingly by the IGO staff member dealing with your incident.

Examples of incidents include:

  • Information sent to incorrect recipient(s)
  • Data quality or input error resulting in a breach
  • Excessive information exposed in error
  • Information damaged, accidentally destroyed or deleted
  • Information left unattended
  • Information published or made available in error
  • Loss or theft of a device
  • Malicious disruption to a system (e.g. computer virus)
  • Ransomware attack
  • Social engineering (e.g. phising, vishing, smishing)
  • Unauthorised use or misuse of a system and or information

Data breaches can cause real harm and distress to the individuals involved and can provide the opportunity for identity fraud, so it’s important that incidents are reported as quickly as possible.

Read the Reporting Data Protection and Information Security Incidents - Standard Operating Procedure.