Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

11) Does your organisation have robust detection, investigation and reporting procedures in place for personal data breaches, including maintaining a record of all personal data breaches?

August 30, 2022
Breach Log

Answer yes if organisation has robust detection, investigation and reporting procedures in place for all personal data breaches. This should include assessing the likely risk to individuals as a result of the breach, informing affected individuals without undue delay, and documenting the facts surrounding personal data breaches in a Breach Log. Please provide details about your processes surrounding a personal data breach in the notes section, including uploading any relevant documentation (as a PDF file).

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.

Personal data breach examples include:

  • access by an unauthorised third party;
  • deliberate or accidental action (or inaction) by a controller or processor;
  • sending personal data to an incorrect recipient;
  • computing devices containing personal data being lost or stolen;
  • alteration of personal data without permission; and
  • loss of availability of personal data.

Under many nation and state data privacy and protection laws you must maintain your own record of all personal data breach events in an inventory or log.

How to implement the control

A useful guide on what you must do after becoming aware of a breach was published by the UK’s data protection authority the ICO and can be found here. This can be useful to inform the content of an incident management playbook which you can use to respond to security events involving a personal data breach.

You can download a template of a Data Breach Log from the ICO here.

If you would like to contribute to this article or provide feedback, please email Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.