index.html.en - index.html.en

Information on reporting data protection incidents

A data protection incident is a breach of the protection of personal data that leads - unintentionally or unlawfully - to the destruction, loss, alteration or unauthorized disclosure of, or access to, personal data that has been transmitted, stored or otherwise processed.

This can be one of the following scenarios, for example:

• Unwanted publication of personal data on the Internet
• Loss of a laptop, smartphone or USB stick containing personal data
• Theft of documents (physical or electronic) or data carriers
• Unintentional sending of emails to the wrong recipients
• Hacking attack on university servers with unauthorized access to personal data
• Unwanted publication of personal data on the internet
• Sending an email to multiple recipients (e.g. people interested in a university event) in which all recipients are inadvertently visible to each recipient (CC instead of BCC).
• Loss of unencrypted data carriers in publicly accessible locations
• Disclosure of personal data to unauthorized third parties by an employee
  

There is an obligation to report and document data protection incidents

• If a data protection incident is likely to result in a risk to the rights and freedoms of natural persons, it must be reported to the data protection authority within 72 hours of becoming known. If the notification is not made within 72 hours, it must be accompanied by a justification for the delay.
• If a data protection incident is likely to result in a high risk to the rights and freedoms of natural persons, the data subjects must be notified of the incident without delay. The data subjects do not have to be informed if they already have the information.
• If the University of Innsbruck becomes aware of data protection incidents and the University of Innsbruck acts as a service provider, these must be reported to the client immediately.
  Data protection incidents must be documented including all known facts, the effects and remedial measures taken.

What should I do if I suspect a data protection incident at the University of Innsbruck?

Report it immediately to databreach@uibk.ac.at!

Please fill out the registration form to enable a quick assessment of the incident and rapid communication.

• Data protection incident registration form
  

    Note: The template is saved as a Word document and can be filled in and printed out directly on the PC.

A responsible person will contact you promptly (usually within 3 hours) for clarification. If this is not the case, please also contact one of the following offices by telephone:

Data Protection Coordination: +43 512 507 20520 or DW 20523

IT Security Manager: +43 512 507 23010 (if not available: ext. 23005)

Data Protection Officer: +43 7242 2155 65065