Standard
Personal Data Breach
A data breach is where an unauthorised party gains access to sensitive, personal or confidential information; this may happen through a security incident or through the accidental sharing of information.
Warning
You are breaking the law if you do not meet this standard.
Purpose
You are legally required to report a breach of this standard.
Categories
Information and Data Management
- Data Lifecycle
How to meet this standard
What all DfE staff, including consultants, contractors and third party suppliers must do
- Ensure that cyber-attacks against services are identified and resisted, and that DfE security advice is acted on.
- Take the relevant action immediately following a data breach (or suspected breach) or a near miss, and within 12 hours of detection.
- Report the incident(s) to the DfE security team through the online Incident form.
What the Information Asset Owner (IAO) / Senior Responsible Owner (SRO) must do
- Ensure continuity plan(s) are in place to respond to threats to data security, including significant data breaches or near misses.
- Test continuity plans once a year as a minimum, with a report to senior management.
See the Gateway to Data Compliance (DfE Intranet) for details on how to apply this standard.
Governance
The standard will be reviewed annually, or whenever there is a change to information security policies or the law.
Version history
| Version | Date | Details |
|---|---|---|
| – | – | Current version |