GDPR - How to recognise a data breach

GDPR - Recognising and reporting a data breach

What is GDPR and why is it important?

General Data Protection Regulation (GDPR)

The GDPR came into force on 25 May 2018. It’s the biggest shake-up in privacy and data protection law in over 20 years.

Centrica places the utmost importance on the security of the information that we hold about our customers, employees and business partners. Our data is a significant asset to Centrica, so we must protect it accordingly.

This is why it is important to report an actual or suspected data breach as soon as you become aware of it. In this module we focus on how to recognise a data breach and how to report it in Centrica.

Recent data breaches in the headlines

You will recognise these examples of large organisations that have hit the headlines in recent years following big data breaches. You will be aware of the recent ongoing case with Facebook, which has allegedly misused its Customers’ data, with an estimated 87 million Customer records said to have been compromised.


Yahoo

In 2016 Yahoo hit the headlines on 2 separate occasions: they were responsible for the two biggest data breaches of the year. Experts now report that the total number of customer records leaked by Yahoo reached 3 billion. This case is significant because the original breach in fact happened in 2013, but was not discovered or reported for several years.


Uber

Uber were accused of deliberately trying to hide a similar data breach. These cases could attract multi-million dollar fines for these companies under the new GDPR laws.

Our customers trust us to secure their data. A breach like this at Centrica would damage customer trust and our reputation dramatically and could threaten our survival.

So we are all responsible for doing everything we can to protect the data we hold on behalf of our Customers, our employees and our company.

How do I report a data breach in Centrica?

Centrica’s Data Protection Officer (DPO) is Lasse Seidel

The GDPR requires that Centrica's Data Protection Officer:

  • Reports a personal data breach to the lead supervisory authority within 72 hrs of becoming aware of it.
  • Informs individuals whose data has been affected, without undue delay.

Speak Up

Alert your line manager & our DPO immediately if you become aware of an actual or suspected Data Breach

[email protected]
and cc: [email protected]

Types of data breaches and examples

The definition of a personal data breach:

"A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data"

Confidentiality breach - Accidental or unauthorised disclosure of, or access to, personal data

Availability breach - Accidental or unauthorised loss of access to, or destruction of, personal data

Integrity breach - Accidental or unauthorised alteration of personal data.

Categories of data breaches

  1. Loss or theft of data or equipment on which data is stored
     e.g. You might lose a corporate device upon which a database of employee information has been stored.

  2. Inappropriate access controls allow unauthorised access to data
     e.g. Someone may have the wrong permissions granted to them, so they are able to access a designated file share containing Customer records which they shouldn’t be allowed to access.

  3. Unavailability of data
     e.g. If data is unavailable, this also may constitute a personal data breach, for example if equipment fails, or unforeseen circumstances such as a fire or flood render the data inaccessible to those who need it, such as our customers.

  4. Hacking attack
     e.g. A cyber attack or hacking attack, for example when someone clicks on a link in an email which downloads ransomware onto the network. This in turn compromises Centrica databases by allowing unauthorised individuals to access personal data of our Customers.

  5. Data obtained by deception
     e.g. This is known as social engineering, where personal data or credentials are inadvertently given away to a criminal.

If you suspect it, report it!

Centrica staff: [email protected] and cc: [email protected]

Bord Gais: [email protected]

If you suspect a data breach, please report it to the privacy team and the crisis management team immediately.

Further help

Centrica places the utmost importance on the security of the data we hold about our customers, business partners and employees.

Data is one of our most valuable assets. Please take great care to keep this data safe.

If you have any further questions, please contact: [email protected]