What is data breach and when can it occur?


    A data breach essentially occurs when information Council holds is subject to unauthorised access, disclosure or is lost to circumstance where loss is likely to result in unauthorised access or disclosure. Examples of a data breach include:

    • Accidental loss or theft of private information or equipment on which such information is stored (e.g. loss of paper record, laptop, iPad or USB stick);
    • Unauthorised use, access to or modification of data or information systems (e.g. sharing of user login details (deliberately or accidentally) to gain unauthorised access or make unauthorised changes to data or information systems);
    • Unauthorised disclosure of personal information (e.g. email sent to an incorrect recipient or document posted to an incorrect address or addressee), or personal information posted onto the internet without consent;
    • Compromised user account (e.g. accidental disclosure of user login details through phishing); 
    • Failed or successful attempts to gain unauthorised access to Council’s information or information systems;
    • Malware infection; or
    • Disruption to or denial of IT services.