Data Breaches
If you become aware of a potential, actual or suspected data breach, you should report it to Coventry University Group.
Most data breaches will involve a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data - commonly known as personal data breaches.
However, it is also a breach where you get access to University official information, for example: where a contract is incorrectly shared with you, or you come across exam papers that don’t appear like they should be publicly available. Such incidents should also be reported as data breaches.
Contact our Data Protection Officer:
Data Protection Officer, Coventry University, Priory Street, Coventry, CV1 5FB
Examples of data breaches:
- Human error, for example an email being sent to the incorrect recipient or records being deleted accidentally;
- ‘Blagging’ whereby an individual obtains personal data by deception;
- Loss or theft of a physical file or electronic device;
- A ransomware attack whereby access to systems or records containing data is disabled or encrypted;
- A cybersecurity attack whereby personal data are accessed, altered, deleted and/or disclosed by the attacker.
- Water leaks damaging records.
- Flooding/break-ins of storage areas containing records.
Personal data breaches
If you suspect a personal data breach, please do not delay in contacting our Data Protection Officer at: dpo@coventry.ac.uk
Data Protection Officer, Coventry University, Priory Street, Coventry, CV1 5FB
When a personal data breach occurs, the university must determine the likelihood of risk to individuals' rights and freedoms. This includes considering negative consequences such as:
- physical, material or non-material damage to natural persons such as loss of control over their personal data or limitation of their rights
- discrimination
- identity theft or fraud
- financial loss
- unauthorised reversal of pseudonymisation
- damage to reputation
- loss of confidentiality of personal data protected by professional secrecy other significant economic or social disadvantage
Depending on the risk, the university may have to notify the Information Commissioners Office (ICO) and individuals that a personal data breach has occurred. A notifiable breach must be reported to the ICO without undue delay, but not later than 72 hours after becoming aware of it.
How to report an official data breach
It is important that if you suspect or are notified by somebody that there has been a data breach that it is reported immediately by the person that discovered the breach.
- In standard operating hours (M-F, 8am-5pm) please report by completing the following Coventry University Group External Data Breach Reporting Form. You should receive an immediate notification that the form has been received a further follow up within 24hours of reporting if deemed serious.
- Outside of normal hours, including bank holidays, please telephone the following number +44 (0) 24 7765 7777.
If you have any doubts or are not sure if a data breach has occurred, please report it and we will investigate further.