MILLOM without PARISH COUNCIL
Revised & adopted by Full Council on Revision date
A personal data breach is one that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.
Currently, data breaches do not have to be routinely notified to the ICO or others, although the ICO recommends that it is good practice to do so. However, guidance states that organisations should notify the Information Commissioner's Office of a breach where it is likely to result in a risk to the rights and freedoms of individuals or if it could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.
Data Breaches will be recorded using the ICO’s online system:
and the following information should be provided:
The potential scope and cause of the breach
Mitigation actions the council plans to take
Details of how the council plans to address the problem.
If a breach is likely to result in a high risk to the rights and freedoms of individuals (such as through identity theft) the council will notify those concerned.
Under the GDPR, we are required to report a personal data breach that meets the reporting criteria to the Information Commissioner within 72 hours. In line with the accountability requirements, all data breaches must be recorded by the parish council along with details of actions taken. This record will help to identify system failures and should be used to improve the security of personal data.
If anyone (including a third party such as a payroll provider) suspects that a data breach has occurred, details of the alleged breach should be submitted immediately in writing to:
The Clerk, Millom without Parish Council, Low Marshside, Underhil, nr Millom LA18 5HA
Or email firstname.lastname@example.org