LEGALLY PRIVILEGED AND CONFIDENTIAL
DATA PROTECTION INCIDENT REPORT
To be completed by the Information Owner or their nominee and sent to the Records Management Office.
Please note that any emails or other documents prepared in connection with this incident must be
headed LEGALLY PRIVILEGED AND CONFIDENTIAL. Circulation of such documents must be restricted to
those directly involved in investigating the incident. Please do not reference any data subjects by name
in this report.
Report completed by
[name, job title]
Date of report
1 Description of data lost, stolen, released or corrupted [include examples of type of data and volumes
of records affected]
2 Circumstances of the loss, theft, release or corruption [include timing of events; location; IT hardware
and applications involved; details of actions taken to date eg anyone who has been contacted in relation
to the incident] DO NOT CONTACT INDIVIDUALS WHOSE PERSONAL DATA HAS BEEN COMPROMISED
UNTIL ADVISED BY