What is a Data Breach?
A Data Breach is an incident that involves sensitive, protected or confidential data that has potentially been viewed, stolen or used by an unauthorized individual. One example is the loss of a USB drive or another data storage medium that contains personal data. Other examples of a Data Breach include theft of a business cell phone or sending documents containing personal data to the wrong person.
What is personal data?
Personal data is information that relates to an identified or identifiable individual (natural person) such as an individual's name, address, birth date, bank account details, telephone number or customer ID.
Examples of Data Breaches that have to be notified to the authorities:
- A list containing names and private contact details of OSRAM employees is accidentally sent to the wrong recipient.
- Hackers (potentially) gain access to an OSRAM customer database.
- A department is moving offices. Parts of the cargo, including hard copy documentation with employee personal data, are addressed to the wrong building, giving unauthorized persons access to personal data.
- Lists containing personal information of OSRAM employees are thrown in the regular trash instead of confidential bins for secure disposal.
- A service provider is given access to the entire customer relationship tool, which contains the personal information of hundreds of customers, even though this access is not required to perform the services.
- Due to a software bug, personal information stored in a customer portal is accessible to other users without prior registration or approval.
What does it mean if a Data Breach has to be notified?
Depending on the exact nature of the incident, OSRAM may be required to notify the appropriate authorities. In some cases, it might be a requirement to notify the affected individuals and inform them of the impact on their right to privacy.