The University holds the personal data of thousands of staff, students, alumni, research participants and others who have an association with the University. If that data is lost, stolen, corrupted or released to unauthorised persons, the Records Management Office must be informed immediately.
It’s safest to assume that all information about a living, identifiable individual is personal data and may include:
Other examples can be found in the Information Security Categories document.
The two main types of incident are:
Where someone knows or suspects that an incident has occurred which actually or potentially involves inappropriate disclosure of personal data - contact the Records Management Office immediately on 0161 275 8111 or by emailing email@example.com outside office hours.
Where a data storage device such as a PC, laptop, tablet, USB stick, or smart phone has been lost or stolen regardless of the data it contains - immediately contact both the Records Management Office on 0161 275 8111 or by emailing firstname.lastname@example.org outside office hours and the University Security Office on 0161 306 9966 (the number is on the back of all staff/student ID cards).
If you are unsure whether or not to report an incident, consult the Records Management Office.
Personal data breaches can cause real harm and distress to the individuals involved and can provide the opportunity for identity fraud, so it’s important that incidents are reported as quickly as possible. Once the Records Management Office are notified, they will provide advice and guidance on the next steps to be taken to ensure that the rights of the individuals are protected and, where appropriate, inform the Information Commissioner’s Office.
The Information Commissioner’s Office, the independent body responsible for enforcing and overseeing compliance with legislation, has the power to require organisations to undertake specific actions and can impose significant fines on organisations which compromise people's privacy. It is important that we can demonstrate that we respond quickly to any incident or “near miss”.