Data breaches
Any incident that could potentially compromise the security of personal data represents a breach must be reported immediately.
If you discover a breach there please report to the Data Protection Officer and gdpr@ulster.ac.uk
If you wish to make a complaint, please contact Data Protection Officer or Information Commissioner's Office (ICO)
-
What is a Personal Data Breach
A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
The University has an obligation to report certain types of Personal Data Breach to the ICO without undue delay and, where feasible, not later than 72 hours after having become aware of it. If the breach is likely to result in a high risk to the individuals' rights and freedoms, the University must also inform those individuals without undue delay. The University must keep a record of any Personal Data Breaches, their effects and the remedial action plan.
-
Events or incidents that must be reported
Any personal data breach including but not limited to any incident that could potentially compromise the security of personal data such as:
- theft of a laptop;
- loss of mobile phones, flash drives and other data storage devices;
- sending an email or letter to the wrong address;
- loss of Personal Data resulting from an equipment or systems failure;
- loss of hardcopy documents are files which contain Personal Data;
- non arrival of sensitive information;
- maintenance of unsecured databases;
- human error, such as accidental deletion or alteration of Personal Data;
- unforeseen circumstances, such as a fire or flood; and
- deliberate attacks on IT systems, such as hacking, viruses or phishing scams
The above list is not exhaustive and should you be in in any doubt, please simply report the
suspected incident to the DPO out of an abundance of caution.