What is a data breach?
For the purpose of this Policy, data security breaches include both confirmed and suspected incidents. An incident in the context of this policy is an event or action which may compromise the confidentiality, integrity or availability of systems or data, either accidentally or deliberately.
An incident includes but is not restricted to, the following:
-
Loss or theft of confidential or sensitive data or equipment on which such data is stored (e.g. loss of laptop, USB stick, iPad/tablet device, or paper record).
-
Equipment theft or failure.
-
Unauthorised use of, access to or modification of data or information systems.
-
Attempts (failed or successful) to gain unauthorised access to information or IT system.
-
Unauthorised disclosure of sensitive/confidential data.
-
Website defacement.
-
Hacking attack.
-
Unforeseen circumstances such as a fire or flood.
-
Human error.
-
'Blagging' offences where information is obtained by deceiving the organisation who holds it.