If we ever have occasion to notify the ICO of a breach then we will need to include details of the security measures in place e.g. encryption, and details of the security procedures in place at the time of the breach. We will also need to advise the ICO if the media are aware of the breach so that they can manage any increase in enquiries from the public. The ICO must be notified of reportable breaches (i.e those that are serious) with 72 hours of discovery.
When informing the media the ICO advise that it is useful to tell them we have contacted them and what action is being taken. The ICO will not normally tell the media or other third parties about a breach that has been notified to them, but they may advise us to do so. We may also need to consider notifying third parties e.g. police, insurers, professional bodies, bank, credit card companies who can assist in reducing the risk of financial loss to individuals, and trade unions.