Managing Breaches

We will ensure that every member of staff is aware of their responsibility to keep individuals’ data safe. However, there may be an incident that results in a breach of this data.

A breach of security includes (but is not limited to):

  • Divulging personal or special category data to an unauthorised person.
  • Sharing personal information without a sharing protocol or contract referencing duties of processor/controller.
  • Misuse of ICT equipment, including misuse of passwords, leaving electronic devices unlocked or in an unsecure location.
  • Granting, gaining or attempting to gain unauthorised access to systems.
  • Acting outside the Employee Code of Conduct and Bron Afon’s policies, procedures, advice and guidance on data protection or information security.
  • Accidental loss, damage or destruction of personal data.

All breaches must be reported to the DPO for investigation following the procedure for ‘Managing Data Breaches’. High risk breaches must be reported by the DPO to the Information Commissioner’s Office within 72 hours, so it is essential that, once a breach has been identified, the DPO is made aware.

Please email data.protection@bronafon.org.uk with all details of the breach.

Breach of this policy is considered a serious disciplinary matter and may result in disciplinary action being taken.
