Talk:Data Breach Policy/Proposed revisions June 2014: Difference between revisions
(→Rationale for changes: new section) |
m (→Rationale for changes: fix link) |
||
Line 1: | Line 1: | ||
== Rationale for changes == | == Rationale for changes == | ||
We now have a standard form for reporting breaches which makes a lot of the old working unnecessary (you can view the current copy [http://ico.org.uk/for_organisations/data_protection/~/media/documents/library/Data_Protection/Forms/security_breach_notification_form.docx | We now have a standard form for reporting breaches which makes a lot of the old working unnecessary (you can view the current copy [http://ico.org.uk/for_organisations/data_protection/~/media/documents/library/Data_Protection/Forms/security_breach_notification_form.docx here] | ||
I've also re-emphasised the requirement to notify within 24 hours and noted that this now applies to all breaches, however trivial. If in doubt staff should contact the ICO to confirm if something less serious constitutes a breach and tend to err on the side of caution and notify. | I've also re-emphasised the requirement to notify within 24 hours and noted that this now applies to all breaches, however trivial. If in doubt staff should contact the ICO to confirm if something less serious constitutes a breach and tend to err on the side of caution and notify. |
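Review bot: the parenthesis opened at "(you can view the current copy" in the first paragraph is still unclosed after this link fix; the new revision ends the line at "here]" with no ")" or full stop. Suggest ending that sentence with "here])." so the external link and the aside both close before the next paragraph.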
Revision as of 23:13, 14 May 2014
Rationale for changes
We now have a standard form for reporting breaches which makes a lot of the old working unnecessary (you can view the current copy here).
I've also re-emphasised the requirement to notify within 24 hours and noted that this now applies to all breaches, however trivial. If in doubt staff should contact the ICO to confirm if something less serious constitutes a breach and tend to err on the side of caution and notify.