About our site

HomeAbout usAbout our siteData Protection and FOIData breach management

Reporting a data security breach/incident

Report a data breach

It is vitally important that you report any data breach as soon as possible to the Information Governance Team.

Information about data breaches and links to our breach reporting form can be found:

  • On our SharePoint Site for Staff here.
  • On our SharePoint Site for Students here.

Our mailbox is actively monitored throughout the work day and someone from Information Governance will get back to you as soon as possible following a report.

If you are not a member of staff or a student please email the Information Governance Team and we'll be in touch. Your support is greatly appreciated.

If you wish to follow up on a breach you have reported or provide additional information, please contact the Information Governance Team at InformationGovernance@exeter.ac.uk. If you already have a reference number we'd be grateful if you could include it in the email subject so that we can quickly locate your case.

Theft and break-ins

Theft of equipment and physical break-ins should also be reported to the University Estate Patrol telephone: 01392 723999; report an incident.

Examples of data breach

  • The loss or theft of data in any format (eg papers taken from car, post intercepted, unauthorised download)
  • Loss or theft or equipment used to store University information (eg laptop, smartphone, USB stick)
  • Inappropriate access controls allowing unauthorised access
  • Compromised IT user account (eg spoofing, hacking, shared password)
  • Blagging where information is obtained by deception (a person claims to be someone else over the phone)
  • Accidental or unauthorised disclosure of University information (eg email or letter to wrong recipient or incorrect system permissions/filter failure)
  • Corruption or unauthorised modification of vital records (eg alteration of master records)
  • Computer systems or equipment compromise (eg virus, malware, denial of service attack)
  • Break-in at a location holding sensitive information or containing critical information processing equipment such as servers.

University Data Protection Officer

Brenda Waterman
Information Governance Manager and Data Protection Officer
The University of Exeter
Compliance, Governance & Risk
c/o Northcote House
The Queen's Drive
Exeter
EX4 4QJ

Email: dataprotection@exeter.ac.uk
Tel: 01392 727510