First aid for data breaches
It can happen to anyone: you accidentally send an email to the wrong person. Or your work laptop is stolen. This is not only unpleasant for you, but possibly also for others: it could cause a data breach. In this post we explain what a data breach is, why it is important to pay attention to it and what you should do if you are confronted with one.
Are you aware of our security & privacy guidelines?
Why is it important to pay attention to this?
Tilburg University processes a lot of people's personal data for all sorts of reasons. A data breach can pose a risk to the privacy of these people. Often there is no malicious intent behind a data breach, but a simple human mistake can have major consequences for those involved. We hope that, by being aware of this risk, you will also handle the data you process as an employee consciously and carefully. Prevention is always better than cure!
In addition, Tilburg University is obliged to keep its own register of data breaches and (when the data breach is likely to cause a risk to the rights and freedoms of those involved) to report the leak to the Autoriteit Persoonsgegevens (Dutch supervisory authority). There is a strict deadline for reporting data breaches to the supervisory authority, namely within 72 hours of discovery.
What is a data breach?
We speak of a data breach when there is unauthorized or unintentional access to personal data, or unwanted destruction, loss, alteration or disclosure of personal data. There are numerous events that can fall within this category. Some examples of possible data breaches:
- Emailing documents or text containing personal data to the wrong recipient.
- A cyber-attack in which personal data has been stolen.
- Incorrectly configured authorization on a collaboration environment that also contains personal data, so that people who should not have access to that personal data do have such access.
- Sharing personal data with an external party without proper agreements (in accordance with the GDPR).
- Leaving printed copies with personal data in the printer or wastebasket.
What should you do in the event of a data breach?
First of all, don't panic. You're not the first person this has happened to, and you probably won't be the last.
However, it is important to act as quickly as possible after discovery, so that the possible consequences of the data breach can be kept to a minimum. We therefore ask you to report data breaches as soon as possible using the "Report a data breach" form. Your report will then reach the Privacy & Security Workgroup. This workgroup consists of experts in the field of privacy and security, who can assess the incident and help you minimize the impact of the data breach. They can also assess whether the data breach is subject to mandatory notification to the Autoriteit Persoonsgegevens.