Skip to main content

Communicating with empathy after a data breach

Data protection has never been about computers or robots – it's about people. The information you are trusted with reflects individual lives. To some organisations, a data breach might seem like a temporary setback - something that can be patched up with technical fixes and compliance reviews. But from the perspective of individuals - especially those in vulnerable situations - a breach can have a far-reaching ripple effect that disrupts their lives in ways that some may not fully appreciate.

As an organisation, you have a role to stop this ripple effect in someone’s life from spreading further. It is vitally important to acknowledge what has happened, be human in your response and commit to making sure it doesn’t happen again.

At the ICO, we are committed to protecting individuals, especially those who are most at risk of harm from data breaches. But this cannot be done alone. We need organisations to step up, to do better, and to recognise the critical importance of data protection in safeguarding people’s lives.

In the event of a data breach, we’re asking you and your frontline colleagues to:

  • Promptly assess the risks to the individuals involved, including your reporting and notification duties.
  • Acknowledge what has happened with the person affected by a breach.
  • Be human and accessible in your response and commit to making sure it doesn’t happen again.
  • Share our simple guidance with people affected by a breach.
  • Share our toolkit of resources with your staff to help change the culture and ensure that empathy is at the heart of your response.

Resources