Data Breach Process
What is a Data Breach?
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.
Personal data breaches can include:
- access by an unauthorised third party
- deliberate or accidental action (or inaction) by a controller or processor
- sending personal data to an incorrect recipient
- computing devices containing personal data being lost or stolen
- alteration of personal data without permission
- loss of availability of personal data
Data Breach Reporting Process
If Adtrak becomes aware of a data breach that is likely to result in a high risk to the rights and freedoms of our clients, site visitors or other individuals, we will report the breach to the ICO within 72 hours and notify those concerned directly and without undue delay.
If one of our third party data processors suffer a breach, they are legally obliged to notify us. We can then report this breach to the ICO and inform those concerned directly, if required.
If we need to provide notification of a breach, we will contact those concerned to:
- Provide the email address and name of the contact at Adtrak who can help them obtain further information
- A description of the likely consequences of the personal data breach
- A description of the measures taken, or proposed to be taken, to deal with the personal data breach and including, where appropriate, of the measures taken to mitigate any possible adverse effects
- Advice on steps the data subjects can take to protect themselves from the risks (for example, changing passwords)
If we decide not to notify individuals, we must still notify the ICO unless we can demonstrate that the breach is unlikely to result in a risk to rights and freedoms. The ICO has the power to compel us to inform the affected individuals if they deem it necessary.