An information security data incident or breach is an incident which has caused or has the capacity to cause unauthorised disclosure of and/or damage to university information, or to personal data, or the university's information systems. This could be:
- Accidental loss, alteration or theft of data or equipment, it might be personal data
- Unauthorised or accidental use, access to or modification of data or systems
- Attempts by criminals to gain access to or disrupt data or systems
- Unauthorised or accidental disclosure of personal data (e.g. in emails)
If you think you have suffered an incident or breach of this type
You should report the incident immediately to the IT Service Desk (extension 7555). If the incident involves personal data, report it to compliance@gre.ac.uk, providing details using the Incident Reporting Form.
It's important this happens as quickly as possible so that the incident can be investigated, assessed, contained and the risks can be mitigated. We may also need to inform external bodies, and, where personal data incidents have happened, Data Subjects may need to be informed.
Policies and procedures
Knowing and following the university's policies and procedures is a good way of safeguarding data. The information security policies are updated periodically to ensure they align with best practices and comply with regulatory requirements. The university's Information Security and Assurance Policy has been updated recently, to learn more, visit the IT policies webpage.
If you need further information, or have any questions about security data incidents or breaches please contact compliance@gre.ac.uk