Privacy

Data Breach

A security incident that leads to the unauthorized access, disclosure, or loss of personal data.

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

Types of Breaches

  • Confidentiality breach — unauthorized or accidental disclosure of or access to data
  • Integrity breach — unauthorized or accidental alteration of data
  • Availability breach — accidental or unauthorized loss of access to or destruction of data

Notification Requirements

Under GDPR:

  • Supervisory authority — within 72 hours of becoming aware (unless unlikely to result in risk)
  • Data subjects — "without undue delay" if the breach is likely to result in a high risk to rights and freedoms

See also breach notification.

GDPR Articles 4(12), 33, and 34.

Related Terms

Personal DataPrivacy

Any information that can identify a living individual, directly or indirectly.

Data ControllerPrivacy

The entity that determines the purposes and means of processing personal data.

GDPRLegal

The General Data Protection Regulation — the EU's comprehensive data protection law, effective since May 2018.

Breach NotificationCompliance

The legal obligation to inform authorities and affected individuals when a personal data breach occurs.

DPOData Controller