Logging a data breach or security incident
A personal data breach is any security incident that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes ransomware attacks, lost USB drives, emails sent to the wrong recipient, and paper records left unsecured.
How to log a breach in Folelse
- 1 Go to Dashboard → Breaches.
- 2 Click + New Breach (bottom right).
- 3 Enter the Breach Title — a short, clear description (e.g. "Laptop containing patient records lost in transit").
- 4 Set the Date Discovered and Date Occurred (if known — they may differ).
- 5 Set the Severity: Low, Medium, High, or Critical.
- 6 Enter the number of Data Subjects Affected (estimate if the exact number is unknown).
- 7 Select the Data Types Affected (e.g. Health Data, Names, NHS Numbers, Financial Data).
- 8 Describe the Root Cause and Containment Actions taken so far.
- 9 Set the Status to "Investigating".
- 10 Click Save.
The 72-hour countdown
As soon as a breach is saved, Folelse starts the 72-hour ICO notification countdown. This timer is displayed prominently on the breach record and on your dashboard. The countdown turns red when fewer than 12 hours remain.
Log the breach immediately when you become aware of it, even if your investigation is incomplete. You can update the record as you gather more information. The ICO expects prompt logging, not a perfect report.
Attaching evidence
Use the Attachments panel on the breach record to upload investigation reports, screenshots, IT forensic findings, correspondence with affected individuals, and your ICO notification confirmation.
Need more help with this?
Contact support