Reporting an information security incident

The University holds a large amount of information, both in hard and soft copy. This includes personal and sensitive personal data, and also non-personal information which could be sensitive or commercially confidential, for instance financial data. Care should be taken to protect this type of data, to ensure its integrity and to protect it from loss, theft or unauthorised access.

In the event of an information security incident (also known as a data protection breach), it is vital that appropriate action is taken to minimise associated risks. A risk analysis should be performed; the factors which need to be considered are:

  • the number of individuals affected,
  • the type of data involved (personal, financial, etc.),
  • the impact on individuals.

What is an information security incident?

An information security incident is any event or near-miss in which confidential or sensitive data is compromised by being lost, destroyed, altered, copied, transmitted, stolen, used or accessed unlawfully or by unauthorised individuals, whether accidentally or on purpose. Some examples include:

  • loss or theft of equipment on which data is stored,
  • unauthorised access to data,
  • human error such as emailing data to the wrong recipient by mistake,
  • failure of equipment leading to loss of data,
  • hacking attack,
  • data maliciously obtained by way of social engineering.

Reporting an information security incident

Information security incidents should be reported immediately to the IT Service Desk, which is the primary point of contact. The report should include full and accurate details of the incident, including who is reporting the incident, what type of data is involved and, if the data relates to people, how many people are involved. The IT Service Desk will keep a confidential log of this information. The incident will then be escalated to the Information Compliance Officer, who in turn will convene a response team.