If, despite the security measures you take to protect the personal data you hold, a breach of security occurs, it is important to deal with the breach effectively. The breach may arise from a theft, a deliberate attack on your systems, the unauthorised use of personal data by a member of staff, accidental loss, or equipment failure. However the breach occurs, you must respond to and manage the incident appropriately. You will need a strategy for dealing with the breach, including:
- a recovery plan, including damage limitation;
- assessing the risks associated with the breach;
- informing the appropriate people and organisations that the breach has occurred; and
- reviewing your response and updating your information security.
Read more about how to respond to a security breach and our more detailed guidance on information security breach management.