Details of Controller/ Processor
Organization Name :
Contact Person Name :
Contact Number
Email Address
Other Contact Details:
Details of the Breach
Description of Data Breach:
Categories of persons affected by the data breach (e.g. customers, patients, employees, clients, children, vulnerable groups; etc.)
In addition, please select any categories that apply:
Financial Data
Identity Information
Tax Pin Information
Contact Information
Home address, Telephone address, email
Health Information
Other sensitive information
Additional details of the type of personal information involved in the data breach
Provide a detailed description of any action, including remedial action, you are taking, or intend to take to assist data subjects whose personal data was involved in the data breach.
(a) Short-term Measures (Immediate Actions):
Outline the immediate steps taken to secure the data and limit any potential damage.
(b) Medium-term Measures (System Improvements):
Detail the actions planned or in progress to strengthen data security systems.
(c) Long-term Measures (Policy and Training):
Describe the strategies for enhancing organizational data protection policies, including staff training programs on data security, updating incident response plans, and regular compliance reviews.
Provide detailed description of any action you have taken, or are intending to take, to prevent reoccurrence
Section: Communication with Data Subjects
If yes, please attach a sample of the communication sent to data subjects
If no, please provide a detailed explanation as to why communication has not occurred.
Specify the steps your organisation/ agency recommends that individuals take to reduce the risk that they experience serious harm as a result of this data breach
Other entities affected: (if the data breach described above was also a data breach of another organisation, provide their identity and contact details)
Date the breach occurred: (provide your best estimate if the exact date is not known)
If No, please specify why :
Date the breach was discovered (provide your best estimate if the exact date is not known)
Primary cause of breach :
Malicious or criminal attack
System Fault
Human Error
Other
If other, please specify.
Description of how the data breach occurred
Number of data subjects whose personal data is involved in the data breach :
1-10
11-100
101-1,000
1,001-10,000
10,001-100,000
100,001-1,000,000
Exact number of data subjects whose personal data is involved in the breach (please provide your best estimate) :
Is there any other information you wish to provide at this stage, or any matters that you wish to draw to the ODPC’S attention?
List of any other data protection authorities, law enforcement bodies or regulatory bodies that you have reported, or intend to report, this data breach to :
Attach Copy of Report to Other Regulator or Institution: such as police or data protection authorities.
If you request any information in this form be held by the ODPC in confidence, please provide further information to support the request. The ODPC will respect the confidence of commercially or operationally sensitive information provided voluntarily in support of a data breach notification, and will only disclose this information after consulting with you, and with your agreement or where required by law.
Attachments
Please attach any relevant documents that support your notification and actions regarding the data breach. This can include but is not limited to: (a) Sample Agreements (b) Incident Response Policy
Additional Provisions
Attach Incident Report: A section for uploading a detailed incident report.
Review and Submit :
Submit Notification of Data Breach
