Data Breach

A Data Breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

A personal data breach is therefore a type of security incident and there are three different types of breach that may occur:

1. Confidentiality breach – an accidental or unauthorised disclosure of, or access to, personal data.

2. Availability breach – an accidental or unauthorised loss of access to, or destruction of, personal data.

3. Integrity breach – an accidental or unauthorised alteration of personal data.

A breach can concern confidentiality, availability and integrity of personal data at the same time, as well as any combination of these.

A personal data breach would, for example, include:

personal data being disclosed to an unauthorised person, e.g. an email containing personal data being sent to the wrong person.

an unauthorised person accessing personal data, e.g. an employee’s personnel file being inappropriately accessed by another staff member due to a lack of appropriate internal controls.

a temporary or permanent loss of access to personal data, e.g. where a client’s or customer’s personal data is unavailable for a certain period of time due to a system shutdown, a power, hardware or software failure, infection by ransomware or viruses, or a denial of service attack; where personal data has been deleted, either accidentally due to human error or by an unauthorised person; or where the decryption key for securely encrypted data has been lost.