Station Road, Sidcup
Close

How can we help?

Please fill in this form and we'll get back to you as soon as possible.

Please enter your name
Please enter your email address
Please enter your telephone number
Please enter a question
Please let us know how you heard about us
Please enter the verification code

We’ll only use this information to handle your enquiry and we won’t share it with any third parties. For more details see our Privacy Policy

Data Loss - What to Do

The Information Commissioner's Office (ICO) has issued guidance for organisations that lose personal data, having reported that it has been notified of nearly 100 such incidents to date.

One of the less intuitively obvious suggestions is to think carefully about whether all the potentially affected people need to be notified. For example, notifying all your customers about a security glitch which in reality affects only a small proportion of them may produce a flood of enquiries and requests for further information from unaffected people, as well as possibly undermining their confidence in your organisation.

What is advisable is to obtain an accurate understanding as soon as possible of the scale of the loss and the potential impact on the people whose personal information has been lost. For example, if the information is such as to make identity fraud a possibility, it is likely to be more important to notify the people concerned than if the lost information is simply a list of names and addresses (which could be obtained easily from other sources).

The ICO advises that there are four important elements to consider when creating a breach management plan. These are:

1. Containment and recovery;
2. Assessment of ongoing risk;
3. Notification of breach; and
4. Evaluation and response.