Data Protection Breach Reporting policy

As a Chambers, we are responsible for ensuring that personal data processed by the Chambers is not:

  • Accessed without authority;
  • Processed unlawfully;
  • Lost;
  • Destroyed; or
  • Damaged

Nevertheless, we realise that from time-to-time things may go wrong and we might fail to achieve one or more of our data protection responsibilities.

If this does happen, it is essential that we take steps to try to put things right. However, we can do this only if we know that there has been a problem.

Therefore, everybody within Chambers has a duty to report any actual or suspected data breach, regardless of whether they have discovered the breaches or have caused them.

What is a data protection breach?

A data protection breach is defined as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.”

Data protection breaches can happen for a wide range of reasons, including:

  • Human error;
  • Cyber-attacks;
  • Loss or theft of devices or equipment on which personal data is stored;
  • Inadequate or inappropriate access controls;
  • Deceit; and
  • Disasters at Chambers’ premises, for example, fire or flood.

If you are unsure whether a particular circumstance or incident constitutes a data protection breach, please refer the matter urgently to your line manager or another appropriate manager in their absence for guidance.

Reporting of data breaches by barristers, pupils & staff

Barristers & Chambers

Although as data controllers Barristers are under no regulatory obligation to report a breach to Chambers and are responsible individually for compliance with the notification and reporting obligations of the GDPR, nonetheless Chambers recognises the role undertaken by Chambers as a Data Processor and acknowledges an obligation to support Data Controllers in those cases where it is appropriate to do so. In the case of a data breach caused by a member of chambers the Barrister is requested to report the breach to the Senior Clerk. Chambers will, in their capacity as data processor, support any Barristers reporting and managing data breaches.

Reporting a personal data breach

All personal data breaches involving pupils and staff must be reported to THE SENIOR CLERK immediately upon discovery.

Reports should be made by email to the Senior Clerk. When making a report, please detail:

(1) the nature of the suspected breach e.g. theft , loss or destruction

(2) the nature of the data involved (e.g. sensitive, personal, commercial)

(3) the scope of the breach (e.g. single client, multiple client, internal data)

(4) a description of events

(5) any chambers staff, barristers or other persons involved

(6) when the breach occurred

(7) details of any relevant authorities (e.g. police) informed and

(8) any other relevant information.