We like cookies!

By selecting ‘I like cookies too’, you are allowing Point Blank Music School to use cookies. We use cookies to collect your device and browser information to tailor our marketing activities for your benefit and to help with the functionality of our website. Please visit our privacy policy (see cookies policy) for more information and to understand how we use your data for required purposes.

I like cookies too!

Manage my preferences

Data Breach Procedure

Data breach definition

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes both confirmed and suspected breaches that are the result of accidental and deliberate causes.

Examples of Data security breaches may include:

  • Loss or theft of confidential/ personal data or equipment on which data is stored (e.g. laptop, USB stick, iPad/tablet device, or paper record)
  • Attempts (failed or successful) to gain unauthorised use of, access to, modification, or disclosure of confidential/ personal data by both internal and/or external parties
  • Equipment failure
  • Human error
  • Unforeseen circumstances such as a fire or flood
  • Website defacement
  • Hacking attack
  • ‘Blagging’ offences where information is obtained by deceit
  • Deliberate or accidental action (or inaction) by a controller or processor
  • Sending personal data to an incorrect recipient

Data Security Breach Reporting (All staff)

If you confirm or suspect any data security breaches, you should:

  • report the incident to your line manager immediately 
  • download the Data Breach Incident form (All staff) 
  • complete the form and email to dataprotection[at]pointblankmusicschool.com  
  • call JC #305/ Jacqueline #319 (office hours) to advise a form is being sent

Once a data breach incident has been reported, an initial assessment will be made to establish the severity of the breach and the forwarding actions should be.

Data Security Breach Reporting (Data Protection Officer Only)

In the case of a personal data breach, the Data Protection Officer (or an appropriate nominee) shall without undue delay and, where feasible, no later than 72 hours after having become aware of it, notify the incident to the supervisory authority (ICO).

There are TWO ways to report an incident

1. Call 0303 123 1113 (Monday to Friday, 9am to 5pm) with the following details, select option 3 to speak to staff who will record the breach and give you advice about what to do next.  

  • what has happened;
  • when and how you found out about the breach;
  • the people that have been or may be affected by the breach;
  • what you are doing as a result of the breach; and
  • who be should contacted for further information and who else you have told.
  • ICO will send a copy of the information Point Blank provides.

 

2.  Fill in a ICO Data Protection Breach Notification Form  

  • Download Data Breach Incident Form (DPO only)
  • Send completed form to casework[at]ico.org.uk (ICO cannot guarantee security by email)
  • with ‘DPA breach notification form’ in the subject field,
  • or by post to: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF