Report a data breach
Last modified on 10-03-2025 16:40
Have you discovered a data breach or data leak? Report it immediately.
Show information for your study programmeor
What is your study programme?
What is a data breach?
A data breach (or data leak) is a security incident involving the loss, alteration or unauthorised disclosure of personal data. Unauthorised access also counts as a data breac. It need not be the result of malicious intent. A data breach can take different forms, such as:
- sending an email or letter containing personal data to the wrong person
- losing data carriers or documents containing personal data (even if they are password-protected)
- theft of data carriers or documents containing personal data
- unauthorised access to personal data, e.g. by employees or hackers
- documents containing personal data accidentally visible to others
When to report a data breach
In principle, every data breach must be reported to the Dutch Data Protection Authority within 72 hours. Reporting is not required if there is no risk to individuals' rights and freedoms.
If the leak or breach is high-risk, affected individuals must be informed, unless:
- the data was encrypted or otherwise well secured
- measures were taken afterwards to eliminate the risk to individuals
- notifying individuals would require disproportionate effort, in which case a public notice is sufficient
How to report a data breach
Report a data breach immediately to ICTS:
- T: +31 (0)20 525 1402
- E: servicedesk-icts@uva.nl
- Outside office hours: cert@uva.nl,+31 (0)20 525 3322
Always state:
- a description of the breach
- how you discovered it
- the extent of the breach
Contact
Servicedesk ICT Services
The Servicedesk ICT Services is there to help you with all your ICT questions and problems. Contact the Service Desk via serviceportal.uva.nl.