The aim of this document is to ensure that in the event of a security incident such as data loss, all information can be gathered to understand the impact of the incident and what must be done to reduce any risk to customers and/or Places for People Group.
The checklist can be completed by anyone with knowledge of the incident. It will also require review by the Investigating Team / Data Protection Officer, who can determine Data Protection Act implications and assess whether changes are required to existing business processes and whether notification to the Information Commissioner's Office is appropriate.
1. When did the incident happen?
2. How did the incident happen?
3. When and how did the process fail?
4. Who was involved and when to contain and recover from the incident i.e. technical
5. What measures were taken to prevent the incident reoccurring?
6. Has the issue been signed off as resolved? If so, and if in this instance the PII has been breached by a third-party data processor, provide evidence that all technical and operational risks have been identified, and provide assurances that this failure will not reoccur.
How many individuals have been affected by this incident?
Are those affected aware that this incident has occurred?
What are the potential consequences and adverse effects on those individuals?
Have any affected individuals complained to the organisation about the incident?
Has the data placed at risk now been recovered? If so, please provide details of how and when this occurred.
What steps has the organisation taken to prevent a recurrence of this incident?
Please attach an improvement plan if necessary (attachments section at the end)