How to report a data breach…
Another week, another data breach. This time it is Dixons Carphone who are in the spotlight after an incident occurred which involved the data of nearly 6 million customers being compromised.
This episode has been branded as one of the UK’s biggest data breaches at a single firm and Dixons Carphone have since seen a 6% drop in share price following the attempted hack which involved unauthorised access to 5.9 million customers’ bank cards.
Dixons Carphone have since said they identified the huge breach during a review of their data and systems. The data compromised in the hack included the names, addresses, email addresses and bank details of individuals who had shopped with Dixons.
The ICO (Information Commissioner’s Office) has said the investigation is ongoing and is still in its early stages whilst they try to identify exactly what went wrong, and how they are going to address the problem and move forward.
As we are seeing on a weekly basis, despite continued best efforts to keep data secure and to comply with data protection regulations, breaches do still occur.
Even with strict security policies in place, as humans, we still make mistakes. Maybe you left a laptop or hard drive on the train home? Or you weren’t concentrating fully and sent an email containing sensitive data to the wrong person? Or maybe you were extremely unlucky and found your business the target of a thief who stole personal records and files.
Things like this are all part and parcel of life: things do go wrong sometimes. But one thing is for sure – if you do experience a data breach, no matter how big or small it may be, you need to assess whether the breach is internal or external, and the likelihood and severity of any risk to people’s rights and freedoms following the breach.
When you’ve made this assessment (and recorded the breach internally), if a risk is likely, then you must notify the ICO. If it’s unlikely, then you don’t have to report it. You do not need to report every breach to the ICO. However, you do need to make sure that measures are put in place to prevent the same thing from happening again.
The Information Commissioner’s Office has a helpline solely dedicated to personal data breaches. Should you find yourself in this position, you should call it as soon as possible. The number for the helpline is: 0303 123 1113.
The dedicated team at the end of the phone will ask questions to establish the severity of the breach as they will need to determine what data has been compromised to best advise your next steps. They will be able to provide advice on how to contain the breach and they will give some guidance to help you ensure no breach happens again.
Although this may all sound incredibly daunting, it is important you know what to do in the case of a breach, as failing to report an incident could result in a hefty fine as well as damage to your reputation.
For any assistance in ensuring your data is as secure as possible, or for any advice regarding data protection, please call Griffin House Consultancy today on +44 (0)1673 885533 and we will be more than happy to help.
You can also sign up to our eBulletin for the latest developments in data protection, information governance and compliance.