Data protection - breach reporting
Network Homes takes data protection very seriously and we want to be transparent with how we mange your concerns, complaints and reports of data mishandling. Below is guidance on what is and what is not a personal data breach, how to report one and what will happen after filing the report.
The General Data Protection Regulations (GDPR) introduced in the UK by the Data Protection Act 2018 defines a personal data breach as ‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.’ Therefore a personal data breach can happen at anytime, whether by accident or an act of malice by an attacker. It is where your data is inadvertently destroyed, lost, altered or disclosed to the wrong party.
Examples of a personal data breach
- Accessing personal data by an unauthorised third party.
- Deliberate or accidental action (or inaction) by a controller or processor affecting the security of personal data.
- Sending personal data to an incorrect recipient.
- Computing devices containing personal data being lost or stolen.
- Altering personal data without lawful ground to do so.
- Losing the availability of personal data.
Examples of what is not a personal data breach
- Sharing your personal data with a third party where we have a legitimate interest, legal or contractual obligation to do. (Please note we do not need consent for this.)
- Internal staff members seeing/ having access to your data. Staff members are a key part of Network Homes and they are entitled to see your data if it is applicable to their role.
- Contacting you by text without consent. We do not require consent to send you communications regarding matters to do with your tenancy or to invite you to a community event.
Once you have reported a data breach to our Data Protection Officer (DPO) you will be contacted by them to confirm acknowledgement of your report. They may also request further information about it.
The DPO or appropriate colleague will then carry out an investigation into what has happened, why and what can be done to resolve/mitigate any risks.
The DPO will send you a formal final response summarising the investigation carried out, findings and next steps, including action taken and whether this incident will be reported to the UK Data Protection regulator the Information Commissioner Office (ICO).
Within every formal final response you receive from our Data Protection Officer (DPO) you will be advised of your right to contact the Information Commissioner's Office (ICO) to seek advice, guidance and report as you deem appropriate. Network Homes' ICO registration number is ZA191631.