Notification of data security breaches
01 April 2008
The ICO has published a guidance note on when the ICO should be notified of a breach of data security. Although there is no legal obligation to report breaches which result in loss, release or corruption of personal data, the ICO believes serious breaches should be brought to their attention of his Office.
The key factor is the potential harm to individuals, along with the volume and sensitivity of data involved. The note also assists in establishing what information the ICO should receive and which steps the ICO could take in response to a notification.