Data breaches
It can happen to anyone: you accidentally send an email to the wrong person. Or your work laptop is stolen. Thats not only unpleasant for you, but possibly also for others: it could cause a data breach. On this page we explain what a data breach is, why it is important to pay attention to it and what you should do if you are confronted with one.
Are you in doubt whether an incident is actually a data breach?
Always report it internally! The rule is: better to report once too many than too few.
What is a data breach?
When there is unauthorized or unintentional access to, but also unwanted destruction, loss, alteration and disclosure of personal data, we speak of a data breach. There are numerous events that can fall within this category. Some examples of possible data breaches:
- Emailing documents or text containing personal data to the wrong recipient.
- A cyber-attack in which personal data has been stolen.
- Incorrectly configured authorization in an application, so that people who should not have access to certain personal data do have such access.
- A lost flash drive on which personal data was stored.
- A stolen work laptop or -phone.
- Leaving exams on the train.
Why is it important to pay attention to this?
Tilburg University processes a lot of people's personal data for all sorts of reasons. A data breach can pose a risk to the privacy of these people. Often there is no malicious intent behind a data breach, but human mistake can have major consequences for those involved. By being aware of this risk, we hope that you will also handle the data you process as an employee consciously and carefully. Prevention is always better than cure!
In addition, Tilburg University is obliged to keep its own register of data breaches and (when the data breach is likely to cause a risk to the rights and freedoms of those involved) to report the leak to the Autoriteit Persoonsgegevens (Dutch supervisory authority). There is a strict deadline for reporting data breaches to the supervisory authority, namely within 72 hours of discovery.
What should you do in the event of a data breach?
First of all, don't panic. You're not the first this has happened to, and you probably won't be the last.
However, it is important to act as quickly as possible after discovery, so that the possible consequences of the data breach can be kept to a minimum. In addition, it is important that we learn from data breaches and, where necessary, can take measures to prevent new data breaches. That's why we ask you to report potential data breaches as soon as possible via the form Report a data breach or security problem.
Your report will then reach the Privacy & Security Workgroup. This workgroup consists of experts in the field of Privacy and Security, who can assess the incident and help you further with how you can minimize the impact of the data breach. They can also assess whether the data breach is subject to a mandatory notification to the Autoriteit Persoonsgegevens.