If we do have a data breach then we'll need the following information:
Date of incident
Date incident was reported
Name of person reporting the breach
Names of those staff members involved (if appropriate)
Type of breach
- Digital e.g. hack, virus, file corruption, sharing client data
- Hardware e.g. lost or stolen laptop, phone
Details of the breach
- State the facts about the breach only, not opinions.
- What happened
- How many data subjects are affected
- What types of data are involved
Likely consequences of the breach
- How might this affect the data subjects?
- Will it affect the rights and freedoms of the data subjects?
- Do we need to notify clients or data subjects?
- Do we need to notify any other outside organisation or legal body?
Actions taken
- Describe what actions have been taken to deal with and mitigate the breach
ICO notification
- Do we need to notify the ICO?
- If not, why not?
- Date that the ICO was notified
- Was the notification within 72 hours?