• Home
  • Login
  • Welcome to the Staff Intranet
YOU ARE HERE: Skip Navigation LinksEdinburgh Napier Staff Intranet > Service Depts > Governance & Compliance > Governance Services > Data Protection > Breach / Incident Reporting
 

​​Procedure for Breach of Data Security

 

It is important that action is taken as soon as possible following a data incident or breach to try to rectify the situation and mitigate any risks to data subjects. Tell your line manager, Governance Services or Information Services (as appropriate) - DON'T leave it...the sooner we know, the sooner we can do something about it!

 

Data Protection legislation governs the University's obligations with regard to personal data and these include a requirement to keep personal data secure. A breach of data security occurs where unauthorised or unintentional access to personal data is gained, whether this data is held in electronic or manual format. This procedure gives guidance on what to do in the event of such a breach occurring.

 

Immediate actions for an email breach/incident

 

If you send an email or email attachment in error the following are the steps you need to take to rectify it:

  1. Don't Panic! 

  2. Send us the email as an attachment. 
    Copy the email from your sent items (click on it and press the Ctrl + C keys) and paste it into a new email as an attachment (click into the body of the new email and press the Ctrl + V keys) and send this email to dataprotection@napier.ac.uk, CC'ing ISServiceDesk@napier.ac.ukexplaining what's happened and asking for the message to be deleted from the servers (if possible).

    The email should be titled "Data incident".

    It is important that a copy of the original email is provided as an attachment, not forwarded, as the attachment will contain metadata which will assist IS in finding it and removing it.

    Please note: Deleting emails from the servers only deals with internal email, NOT external email.

  3. Please attempt to recall the item. 
    See Recall or replace a sent email (microsoft.com) for more details.

  4. Governance Services Data Protection team will assess the incident and decide on the course of action to be taken. The Data Protetcion team will provide appropriate template wording​ if you are required to contact any individuals concerned. ​

  5. Please DO NOT forward, reply or "reply all" to the original email sent in error!

  6. Complete the Data Protection Incident / Breach reporting form below and send this to: dataprotection@napier.ac.uk.
     DP_Incident_Breach_reporting_form.docx (internal)


Procedure for a Brea​ch of Personal Data Security


Download the Procedure for a Breach of Personal Data Security​

  Page last updated 16 August 2023​​​​

​​

Edinburgh Napier University is a registered Scottish charity.
Registration number SC018373