Report information that has been made accessible without authorisation or damaged or lost – incident reporting.
Information security incidents occur when someone is given access to information which they are not authorised to do, where information is damaged, or where information has been lost. Where that incident involves personal data you must report it immediately. If you suspect an incident may have occurred, you are responsible for reporting it. UCL’s incident handling procedures will determine whether a breach of data protection has occurred and who this needs to be reported to.
Near-misses occur when a failure of one or more controls that are in place to protect information fails. Near-misses should also be reported through the same channels.