Find out what to do if your data has been lost, stolen or compromised.

Data breaches and security incidents

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.

Personal data breaches can include:

  • access to data by an unauthorised third party
  • deliberate or accidental action (or inaction) by a controller or processor#sending personal data to an incorrect recipient
  • loss of electronic devices i.e., laptops, tablets, mobile phones
  • alteration of personal data without permission


A personal data breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. In short, there will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable and this unavailability has a significant negative effect on individuals.

We obtain, hold and use personal data (such tasks are referred to as processing) about employees, customers, clients, residents and visitors.  Data is an important asset for the Council as it forms the information necessary to provide a wide range of services. Therefore, properly protected data is essential to the successful operation of the Council.

We legally have to ensure the security and confidentiality of the data we hold under the UK General Data Protection Regulation (“UKGDPR”).

This includes having a Data Breach Reporting Procedure in place to identify, log, manage and respond to incidents.

If you think you have been affected by any of the issues described above ask us a question or  report it to us:

informationgovernance@cumbriafire.gov.uk