How to Report an Incident, including suspected and actual Breaches?

An “Incident” is any event that poses or could pose a risk to the security, integrity or confidentiality of Department information. An Incident includes actual breaches of confidentiality as well as security ones. Refer to this PDF for examples of reportable incidents.
1. Reporting incidents:
Members of the Department must report actual or suspected Incidents, including all breaches, to the University Data Breach Team as follows:
- Log the Incident using the PHC Incident Referral Form;
- Email the completed referral form immediately to: data.breach@admin.ox.ac.uk
- Always include these individuals on the “Cc” line of the referral:
  - The Department Line Manager of the person referring the Incident;
  - The Information Asset Owner for the Department data set, which is the subject of the Incident; and
  - The Department IG Manager (IGM) using this email account: datasecurity@phc.ox.ac.uk.
2. Reporting Tips:
- Report Incidents even if it is not clear whether they need to be referred.
- Do not delay reporting any Incident in order to obtain more information.
3. Reporting review/disposition:
In response to an Incident referral, the Department coordinates with the University Breach Team to review the referral and take action as needed.
The IGM (Phil Nieri) will support the designee from the Department research area whose data set is the subject of the Incident review. The IGM will also escalate notice of reported breaches to the IT/G Head (John Briggs) and the Senior Information Risk Owner (SIRO – Nicola Small) and report updates on remediation taken in response to such referrals.
The University of Oxford Information Security team is available to provide additional information and/or assistance here:
https://compliance.admin.ox.ac.uk/staff-guidance-on-data-breaches