Print

Print
The thought of allowing anyone other than the DPO (function) to notify the ICO of "breaches" brings me out in a cold sweat.

With a major client we have implemented an 18/7 telephone reporting and response system, with 24/7 reporting (to vmail) and an email reporting system.  Reports are handled by experienced staff who are knowledgable about the business and notification.  In the majority of "breaches" reported to date, substantial follow-up and investigation has been required to obtain sufficient information to decide (a) whether it is notifiable and (b) to complete the notification if so.

At present the assessment process is being run to the point of notification, with a go/no go decision taken within 72 hours.  It's giving confidence that breaches reported to the DPO function can be notified to the ICO within 72 hours with the required information.

On 30 Mar 2017, at 13:39, Lawrence Serewicz <[log in to unmask]> wrote:

Dear All,

I am after some comparative information about the 72 hour reporting process. What are you doing to manage the reporting, assessing, and notification?

 

Are you

 

A)    Developing a bespoke system to allow staff to upload with pre-set criteria, to triage the breach, that notifies the relevant staff who then assess notify the ICO?

 

B) Relying on Email to the relevant data protection lead

 

C) Buying an off the shelf system for staff to report breaches

 

D) Something else (please indicate)

 

E) Had not thought about it yet.

 

Thanks

 

Lawrence

 

 

 

Lawrence Serewicz

Information and Records Manager

Transformation and Partnerships

Durham County Council

County Hall

Room 143-148 4th Floor

Durham

County Durham

DH1 5UF

 

Direct 03000 268 038

Switchboard 03000 26 0000

 

www.durham.gov.uk

Follow us on Twitter @durhamcouncil

Like us at facebook.com/durhamcouncil

Follow us on linkedin.com/company/durham-county-council

 

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)