Data Security Breach Policy

This policy sets out how the Officers’ Association will manage a report of a suspected data security breach.

In order to function, the Officers’ Association (OABF) processes personal data, including that of its employees, volunteers and those whom it helps. It is registered with the ICO (Z7451217).

The OABF is committed to maintaining the highest standards of Data Protection; view the full Privacy and Data Handling Policies. This includes taking appropriate measures against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data. Nonetheless, a breach may occur through, for example:

  • Loss or theft of data or equipment on which data is stored.
  • Weakness in access controls allowing unauthorised use.
  • Equipment failure.
  • Human error.
  • Unforeseen circumstances such as a fire/flood.
  • Hacking attack.
  • ‘Blagging’ offences where information is obtained by deceit.

This policy and procedure will be reviewed regularly to comply with current best practice and advice offered by the Information Commissioner’s Office (ICO). In the event of a breach, the OABF will co-operate, as appropriate, with the ICO and other authorities to minimise the risk to data subjects and to reduce the risk of a breach re-occurring.

This document should be read in conjunction with the OABF’s Information Security Statement.

The following procedure will vary in practice according to the nature and amount of data lost, but consists of 4 elements:

  • Containment and recovery.
  • Assessment of ongoing risk.
  • Notification of breach.
  • Evaluation and response.

This procedure is designed to comply with the GDPR requirement that breaches resulting in a risk to the rights and freedoms of individuals should be reported to the ICO within 72 hours, and that where a breach results in a high risk to the rights and freedoms of individuals, those individuals must be informed.

The OABF considers data breaches and potential data breaches as a senior management responsibility to be dealt with in accordance with ICO guidelines.

All staff members are required to comply with this policy and accompanying procedures.

If you suspect a data breach has occurred which may affect you, please contact the OABF Data Protection Officer as soon as possible at or 07783 169718.
