Summary
A data breach occurs when an unauthorised party gains access to sensitive, personal or confidential information. This may happen through a security incident or the accidental sharing of information.
Warning: You are breaking the law if you do not meet this standard.
Categories
The categories applicable to this standard are:
- Information and Data Management
- Data Lifecycle
Purpose
You are legally required to report a breach of this standard.
How to meet this standard
What all DfE staff, including consultants, contractors and third-party suppliers, must do
- Ensure any cyber-attacks against services are identified and resisted, and that DfE security advice is responded to.
- Take relevant action immediately following a data breach (or suspected breach) or a near miss within 12 hours of detection.
- Report incident(s) through the online Incident form to the DfE security team.
What the Information Asset Owner (IAO) / Senior Responsible Owner (SRO) must do
- Ensure continuity plan(s) are in place to respond to threats to data security, including significant data breaches or near misses.
- Test continuity plans once a year as a minimum, with a report to senior management.
See the Gateway to Data Compliance (DfE Intranet) for details on how to apply this standard.
Declaring conformance with this standard
Conformance with the standard must be recorded every 12 months.
Owner and contacts
- Standard owner: Dan Richardson, Personal Data Breach Lead
- Other point of contact: DDT Standards Team