Most of the content on this intranet is made up of ex county council information due to the county intranet being turned off. Please read the blog to find out more about how we have developed this new intranet and where you can go to find information that relates to you.
Data breaches
Information about data breaches.
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.
Personal data breaches can include:
-
access to data by an unauthorised third party
-
deliberate or accidental action (or inaction) by a controller or processor
-
sending personal data to an incorrect recipient
-
loss of electronic devices i.e., laptops, tablets, mobile phones
-
alteration of personal data without permission
A personal data breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. In short, there will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable and this unavailability has a significant negative effect on individuals.
The Council obtains, holds and uses personal data (such tasks are referred to as processing) about employees, customers, clients, residents and visitors. Data is an important asset for the Council as it forms the information necessary to provide a wide range of services. Therefore, properly protected data is essential to the successful operation of the Council.
Whether you work in a depot, care home, office, from home or deal with customers face-to-face in the community, each of us has a personal responsibility to ensure that Council data is kept secure at all times and that the privacy of individuals is protected.
Some TOP TIPS as simple reminders that we can all do to protect data include:
- NEVER share Council business, documents and files outside of the secure Council ICT equipment
- NEVER email Council business to personal email accounts
- ALWAYS use a strong, complex password that is only used by yourself and not shared with anyone else
- ALWAYS lock your computer if you move away from it so that it cannot be accessed by anyone else
- ALWAYS double check who you are sending information to carefully to ensure they are the intended recipient and you have the correct address
- ALWAYS think of additional protections you may need to apply to highly sensitive data via encryption, password protecting files etc
- ALWAYS seek advice or support from your manager or Data Protection team if you are unsure or have any doubts about the best way to ensure data and information remains protected.
Local Government Reorganisation is a complex process and there will be a period of transition to allow for services and support systems to be securely transferred. During this time some arrangements for data processing will be maintained until they can be reviewed. All sovereign councils are legally required under the UK General Data Protection Regulation (“UKGDPR”) to ensure the security and confidentiality of the data it holds, this includes having a Data Breach Reporting Procedure in place to identify, log, manage and respond to incidents.
The council needs to ensure that all employees:
- know how to recognise a personal data breach
- understand that a personal data breach isn't only about loss or theft of personal data
- contribute to a response plan for addressing any personal data breaches that happen
- are aware of who has responsibility for managing breaches
- know how to report incidents that need further investigation.
Employees reporting data breaches/incidents are asked to provide as much information as possible, this should include (but not limited to):
- what has happened
- where it happened
- who is affected
- who caused it i.e., named officers
- what has been done to contain it
- supporting material that provides evidence of actions taken
Up to 1 April 2023, employees should report data breaches/incidents using the existing procedures within their sovereign authority.
From 1 April 2023, the following resources will be available for employees of Cumberland Council:
- Cumberland Council - Data Breach Reporting Policy, Procedure and FAQs
- Cumberland Council - Online Reporting Form
- Email: databreaches@cumberland.gov.uk