Cookies on this website

We use cookies to ensure that we give you the best experience on our website. If you click 'Accept all cookies' we'll assume that you are happy to receive all cookies and you won't see this message again. If you click 'Reject all non-essential cookies' only necessary cookies providing core functionality such as security, network management, and accessibility will be enabled. Click 'Find out more' for information on how to change your cookie settings.

Accept all cookies Reject all non-essential cookies Find out more

How to Report an Incident, including suspected and actual Breaches?

injecting insulin into finger

An “Incident” is any event that poses or could poses risk to the security, integrity or confidentiality of Department information. An Incident includes actual breaches of confidentiality as well as security ones. Refer to this PDF for examples of reportable incidents. 

 

1. Reporting incidents:

Members of the Department must report actual or suspected Incidents, including all breaches, to the University Data Breach Team as follows

 

  1. Log the Incident using the PHC Incident Referral Form;
  2. Email the completed referral form immediately to: data.breach@admin.ox.ac.uk
  3. Always include these individuals on the “Cc” line of the referral:
  • The Department Line Manager of the person referring the Incident; 
  • The Information Asset Owner for the Department data set, which is the subject of the Incident; and
  • The Department IG Manager (IGM) using this email account: datasecurity@phc.ox.ac.uk.

 

2. Reporting Tips:

  • Report Incidents even if it is not clear whether they need referred.
  • Do not delay reporting any Incident in order to obtain more information.

 

 3. Reporting review/disposition:

In response to an Incident referral, the Department coordinates with the University Breach Team to review the referral and take action as needed.

 

The IGM (Phil Nieri) will support the designee from the Department research area whose data set is the subject of the Incident review. The IGM will also escalate notice of reported breaches to the IT/G Head (John Briggs) and the Senior Information Risk Owner (SIRO – Nicola Small) and report updates remediation taken in response to such referrals.

The University of Oxford Information Security team is available to provide additional information and/or assistance here:

https://compliance.admin.ox.ac.uk/staff-guidance-on-data-breaches

https://www.infosec.ox.ac.uk/incident-management

or https://www.infosec.ox.ac.uk/report-incident