Data Breach Policy

Speir.TV Data Breach Policy

1. Introduction

2. Purpose and Scope

3. Definitions / Types Of Breach

4. Reporting An Incident

5. Containment and Recovery

6. Investigation and Risk Assessment

7. Notification

8. Evaluation and Response

9. Policy Review

APPENDIX 1


DATA BREACH REPORT FORM

Please act promptly to report any data breaches. If you discover a data breach, please notify your Head of Department immediately, complete Section 1 of this form and email it to the Data Protection Officer ([email protected]) and IT Helpdesk ([email protected]) where appropriate.

Section 1: Notification of Data Security Breach
To Be Completed By Head of Dept. Or Person Reporting Incident
Date Incident Was Discovered: 
Date(s) Of Incident: 
Place Of Incident: 
Name Of Person Reporting Incident: 
Contact Details Of Person Reporting Incident (email address, telephone number): 
Brief Description Of Incident Or Details Of The Information Lost: 
Number of Data Subjects Affected, If Known: 
Has Any Personal Data Been Placed At Risk? If So, Please Provide Details: 
Brief Description Of Any Action Taken At The Time Of Discovery: 
For Use By The Data Protection Officer
Received By: 
On (date): 
Forwarded For Action To: 
On (date): 
Section 2: Assessment of Severity
To Be Completed By The Lead Investigation Officer In Consultation With The Head Of Area Affected By The Breach And If Appropriate IT Where Applicable
Details Of The IT Systems, Equipment, Devices, Records Involved In The Security Breach: 
Details Of Information Loss: 
What Is The Nature Of The Information Lost? 
How Much Data Has Been Lost? If Laptop Lost/Stolen: How Recently Was The Laptop Backed Up Onto Central IT Systems? 
Is The Information Unique? Will Its Loss Have Adverse Operational, Research, Financial, Legal, Liability Or Reputational Consequences For Speir Digital, Inc. Or Third Parties? 
How Many Data Subjects Are Affected? 
Is The Data Bound By Any Contractual Security Arrangements? 
What Is The Nature Of The Sensitivity Of The Data? Please Provide Details Of Any Types Of Information That Fall Into Any Of The Following Categories: 
HIGH RISK Personal Data
• Special Categories Personal Data (as defined in the Data Protection Legislation) Relating To A Living, Identifiable Individual’s:
a) racial or ethnic origin;
b) political opinions or religious beliefs;
c) trade union membership;
d) genetics;
e) biometrics (where used for ID purposes);
f) health;
g) sex life or sexual orientation.
• Information That Could Be Used To Commit Identity Fraud, Such As: Personal Bank Account And Other Financial Information; National Identifiers, Such As National Insurance Number And Copies Of Passports And Visas;
• Personal Information Relating To Vulnerable Adults And Children;
• Detailed Profiles Of Individuals Including Information About Work Performance, Salaries Or Personal Life That Would Cause Significant Damage Or Distress To That Person If Disclosed;
• Spreadsheets Of Marks Or Grades Obtained By Student Interns, Information About Individual Cases Of Student Discipline Or Sensitive Negotiations Which Could Adversely Affect Individuals.
• Security Information That Would Compromise The Safety Of Individuals If Disclosed.
Data Protection Officer And/Or Lead Investigation Officer To Consider Whether It Should Be Escalated To The Appropriate Speir Digital, Inc. Executive Committee Member
Section 3: Action Taken
To Be Completed By Data Protection Officer And/Or Lead Investigation Officer
Incident Number (e.g. year/001): 
Report Received By: 
On (date): 
Action Taken By Responsible Officer(s): 
Was Incident Reported To Police? Yes/No - If YES, Notified On (date):
Follow Up Action Required/Recommended: 
Reported To Data Protection Officer And Lead Officer On (date): 
Reported To Other Internal Stakeholders (details, dates): 
For Use Of Data Protection Officer And/Or Lead Officer: 
Notification To ICO: YES/NO - If YES, Notified On: Details:
Notification To Data Subjects: YES/NO - If YES, Notified On: Details:
Notification To Other External, Regulator/Stakeholder: YES/NO - If YES, Notified On: Details:

Updated 12-06-2018
