WHAT IS A DATA BREACH?
A data breach is a security incident in which unauthorised entities gain access to sensitive, confidential or protected information. This can include personal data, financial details and corporate secrets. The unauthorised access can occur due to hacking, malware, human error, or other vulnerabilities. Once access has been gained, malicious actors can then expose, steal or misuse the compromised data. Data breaches can have serious consequences, including identity theft, financial loss and reputational damage.
MINIMISE THE RISK OF DATA BREACHES
By taking the following ICO-inspired steps, you can effectively combat the threat of a data breach occurring:
- Store personal data securely
- Implement a clear desk policy
- Establish a remote working policy
- Ensure that CRM systems or address books are up-to-date
- Deploy clear and concise naming conventions for all documentation
- Exercise care when redacting data
- Consistently review access controls
- Provide regular staff training
- Always back up your systems
- Be wary of ex-employees and always take care when speaking with people outside of your organisation
HOW TO RESPOND TO A DATA BREACH
We once again recommend that you adhere to these steps from the ICO regarding personal data breaches:
1. Don’t panic
2. Take note of the time (by law you must report such a breach to the ICO within 72 hours)
3. Find out what has happened
4. Try to contain the breach
5. Assess the risk(s)
6. Protect those affected (if necessary)
7. Submit your report (also if needed)
Existing CRIBB DPO clients know exactly what to do and how to report breaches. For others, use this ICO page to make your reports.