Jersey OIC

Breach Notification Form

This form is ONLY for organisations to report breaches. If you are an individual and wish to raise a concern about an organisation, please click here to submit your details.

The Data Protection (Jersey) Law 2018 includes a duty on all organisations to report certain types of personal data breach to the Jersey Office of the Information Commissioner (JOIC). You must do this without undue delay, within 72 hours of becoming aware of the breach, not after investigation. Not every breach needs to be reported to our office (although you should keep a record of them). We only need to know about breaches which constitutes ”a risk” to the rights and freedoms of individuals.

Please be assured that any information you provide us with will be treated in confidence. Remember that we are here to help; we can give your advice and support during this difficult time.

Once you have a reasonable degree of certainty that a personal data breach has occurred that has led to personal data being compromised and you think that there is a risk to an individual - notify us using the form below.

If applicable, as and when more details are discovered – please keep us updated.

Does the breach affect people in jurisdictions other than Jersey? *

Yes

Please provide the name(s) of the other jurisdiction(s) and how many people per jurisdiction are affected by the breach. *

Was any special category data involved in the breach? If yes, please ensure it is detailed within 'what personal data has been placed at risk?' *

Data revealing racial or ethnic origin
Data revealing political opinions
Data revealing religious or philosophical beliefs
Data revealing trade union membership
Genetic or biometric data that is processed for the purpose of uniquely identifying a natural person
Data concerning health
Data concerning a natural person's sex life or sexual orientation
Data relating to a natural person's criminal record or alleged criminal activity

Yes

Have you notified any of the people affected by the breach? *

Yes

If no, please advise the reason for not notifying the people affected *

Tell us about the actions taken so far and/or planned to reduce the possible impact on the people affected by this breach * E.g. you have asked the incorrect recipient to delete the information and confirm, or you have issued new account information, or you have notified the people affected etc

Tell us about the actions you have taken and/or will be taking to prevent a breach like this happening again * E.g. revisit or undertake staff training and within what timeframe, or turn off autofill, or implement multi-factor authentication, or apply security patches, or update systems, or improve access controls etc

Attach additional relevant documentation here. Each file must be one of the following types: .txt, .doc, .docx, .pdf, .xls, .xlsx, .jpg, .jpeg or .png and under 30MB. Please upload:

An extract from your breach log detailing this breach
A copy of the personal information that has been breached
If affected people were notified, please include a copy of the notification provided
Any other information you think is relevant e.g. acceptable use policy, retention schedule, training programme, privacy policy etc