What to do in the event of a data breach
Any loss of control over stored personal data is a potential data breach. Most cases involve stolen or lost digital files, but a stolen or lost printed list of personal data is also a data breach. It is important to report any data breach.
What is a data breach?
A data breach involves accessing personal data without permission and when access is not intended. The unwanted destruction, loss, alteration or disclosure of personal data also qualifies as a data breach.
Examples of data breaches:
- A printout of a CV being left in the printer
- A student receiving the grade list of a fellow student
- A forgotten laptop
- Losing personal data without having a backup for it, such as losing a stack of exams that have just been taken.
If you have any questions about data breaches, please contact the Privacy Office at privacy@bb.leidenuniv.nl.
Reporting a data breach
Report any potential data breach straight away to the ISSC Helpdesk. The Privacy Office can then take measures as quickly as possible to remedy or prevent the data breach and reduce the risk of damage to those involved and to the organisation.
In addition, the university is bound by a statutory notification deadline based on the GDPR. Some data breaches have to be reported to the Dutch Data Protection Authority (the regulator) and the people affected.
So, be a hero and contact us! Even when in doubt.
Preventing a data breach
You can prevent a data breach by following these tips about working safely online.