Report an incident or data breach

Most data protection breaches result from 'accidental loss' e.g. leaving confidential information on a train, losing a device with access to confidential information or sharing confidential information with the wrong people.

Data breaches could affect individuals and harm UWE Bristol. Staff can be personally liable for a breach too.


  • Report any suspected data breach immediately to the IT Service Desk by phone: +44 (0)117 328 3612. If in doubt shout! Report it anyway.
  • Change your password immediately if you suspect a data breach. You can change your password using Password Manager.
  • Remotely wipe (Intranet access only) UWE managed mobile devices that are lost or stolen. The IT Service Desk will assist you with this if you are unsure.


  • Delay, the longer you leave it the greater risk. On the 25th May 2018 the University is required to report personal data breaches to the ICO within 72 hours.

More information

Examples of data breaches:

  • Unauthorised/inadvertent disclosure of personal or confidential information verbally.
  • Lost or stolen device/laptop/phone containing personal or confidential data.
  • Lost or stolen unencrypted memory stick containing personal or confidential data.
  • Documents or data containing personal or confidential data lost or stolen.
  • Documents or data containing personal or confidential data found in non-secure/public area.
  • Documents or data containing personal or confidential data not stored or disposed of securely.
  • Email containing personal or confidential data send to wrong recipient(s).
  • Unauthorised/inappropriate access to personal or confidential data in IT systems.

How to avoid a data breach

  • Before you process personal data you must consider if a Data Protection Impact Assessment (Intranet access only) should be completed.
  • Provide individuals with a Privacy Notice describing all the privacy information that you make available or when you collect information about them.
  • Process data in line with data protection policy
  • Promote a clear desk policy.
  • Lock physical confidential information away.
  • Lock your computer.
  • Delete unnecessary information.
  • Have adequate security measures in place to protect devices and data.
  • Take extra care when emailing personal data.
  • Have a data processing agreement with any third parties (e.g. suppliers or partners).
  • Seek advice from the Data Protection and Records Management Officer before responding to external requests for personal information or transferring personal data overseas.

Back to top