Data incidents#

Purpose#

Data incidents such as

must be investigated to determine whether any action needs to be taken.

This procedure covers data incidents for all projects running in the Turing TRE.

Role	Responsibility
Turing data protection representative	Deciding on appropriate action
Trusted research lead	Deciding on appropriate action
🧑‍🔬 Project team representative	Deciding on appropriate action
🧑‍🔧 Trusted research system administrator representative	Deciding on appropriate action
🧑‍💻 Trusted research data manager representative	Deciding on appropriate action

A data incident meeting should be called as soon as possible after any team member becomes aware of a potential incident. The following people should be invited
- Turing data protection representative
- 🧑‍⚖ Trusted research lead
- One or more representives of the system administrator team
- One or more representives of the data management team
- One or more representives of the 🧑‍🔬 Project team
A decision should be taken during this meeting about what action needs to be taken This may involve, for example:
- shutdown of a TRE
- suspension of a user from the TRE (permanently or temporary)
- removal of data from a TRE
- referral to the ICO
Someone attending the meeting should be assigned to write a report summarising the reason why the incident occurred and recommending any remedial actions or changes to processes if appropriate.
- Navigate to information_governance ‣ incident reports in Sharepoint
- Make a copy of the YYYY-MM-DD_report_template.tex template with an appropriate name
- Write up your report of the incident using the template’s suggested headers, but feel free to add as much or as little information as is required for the particular incident
The report should be shared with everyone who was invited to the incident meeting for comment
- Amend the report if necessary
- Convert the report to PDF using the make_pdf.sh script