Personal data is information that relates to a person that directly or indirectly allows that person to be identified. Examples of personal data include a name, identification number, location data, online identifier, or one or more factors relating to that person’s physical, physiological, genetic, mental, economic, cultural, or social identity.
A breach may occur if personal data is destroyed, lost, altered or if there is an unauthorised disclosure of (or access to) personal data due to a security breach. Such breaches could impact the personal data of employees or clients.
Personal data breaches can take many forms, including:
- access by an unauthorised third party
- deliberate or accidental action (or inaction) by a member of staff
- the sending of personal data to the incorrect recipient
- devices containing personal data being lost or stolen
- alteration of personal data without consent
- loss of availability of personal data
High street retailer WH Smith recently reported that it had been hit by a cyber attack which saw hackers access the data of its staff, including names, addresses, National Insurance numbers and dates of birth.