Report a data breach or a security incident
Electoral Services information
17 March 2022
We are aware that some voter information has been sent to the wrong email addresses. All those affected will receive the correct information and we are urgently looking into this matter and all those affected will be contacted.
We apologise for this error.
A data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal or sensitive data.
What is a data breach
Some examples of data breaches include:
- Personal or sensitive personal data emailed, posted or faxed to an unintended recipient, such as a letter containing social care information
- Loss of records which are read by an unauthorised person, for example a file lost containing personal or commercially sensitive information
- Information not kept secure, for example correspondence left on a bus or train
- Loss of a laptop or mobile phone which contains personal or sensitive information
- Papers containing personal or sensitive information, which are due for destruction are not properly disposed of
How to report a data breach or a security incident
You can report a data breach or other security incident:
- Online: submit our online form
- By phone: if the matter is urgent and out of office hours, phone on 020 8871 6000
We are not resourced to investigate fully suspected data breaches or security incidents out of normal office hours. However, wherever necessary and possible, steps will be taken to address the cause of the breach and seek to rectify it quickly.
You will need
To report a suspected personal or sensitive data breach, or other security incident, you will need to:
- Please provide as much detail of the incident as possible
- State if this an urgent matter (for example discovery of papers containing personal or sensitive information on the street)
- Specify the location of the issue
What happens next
We have robust breach detection, investigation and internal reporting procedures in place.
Addressing the cause of the breach, and seeking to rectify it quickly, is a high priority.
If a breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms (for example through identity theft) we will inform those individuals as quickly as possible.