Most of the content on this intranet is made up of ex county council information due to the county intranet being turned off. Please read the blog to find out more about how we have developed this new intranet and where you can go to find information that relates to you.
Report a data breach
Information about data breaches and how to report them.
How to report a data breach
Report a data breach by using the online reporting form
Email: databreaches@cumberland.gov.uk
What you'll need to provide
Employees reporting data breaches and incidents are asked to provide as much information as possible, this should include (but not limited to):
- what has happened
- where it happened
- who is affected
- who caused it - named officers
- what has been done to contain it
- supporting material that provides evidence of actions taken
About personal data breaches
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.
Personal data breaches can include:
- access to data by an unauthorised third party
- deliberate or accidental action (or inaction) by a controller or processor
- sending personal data to an incorrect recipient
- loss of electronic devices such as laptops, tablets, mobile phones
- alteration of personal data without permission
A personal data breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. In short, there will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable and this unavailability has a significant negative effect on individuals.
Data Breach Reporting Policy, Procedure
Why we use personal data
We obtain, hold and use personal data (such tasks are referred to as processing) about employees, customers, clients, residents and visitors. Data is an important asset for the council as it forms the information necessary to provide a wide range of services. Therefore, properly protected data is essential to the successful operation of the council.
Our responsibilities around data
Whether you work in a depot, care home, office, from home or deal with customers face-to-face in the community, each of us has a personal responsibility to ensure that council data is kept secure at all times and that the privacy of individuals is protected.
What we can all do to protect data:
- never share council business, documents and files outside of the secure council ICT equipment
- never email council business to personal email accounts
- always use a strong, complex password that is only used by yourself and not shared with anyone else
- always lock your computer if you move away from it so that it cannot be accessed by anyone else
- always double check who you are sending information to carefully to ensure they are the intended recipient and you have the correct address
- always think of additional protections you may need to apply to highly sensitive data via encryption, password protecting files
- always seek advice or support from your manager or Data Protection team if you are unsure or have any doubts about the best way to ensure data and information remains protected.