This form is for public electronic communications service providers to report a breach of security or send their completed monthly breach log to the ICO.
We will use the information you provide to record the breach and, if necessary, to investigate further. We may share the information with other law enforcement or regulatory bodies where necessary.
Before completing this form, you should read our guidance on security breaches. You do not need to complete
this form if by doing so you would breach an enactment, court order or certificate signed by a Minister of the Crown that allows you to withhold the information for national security purposes.
You must provide the information marked with an asterisk (*).
If there have not been any personal data breaches during this month, you can email us to confirm a 'nil return' to firstname.lastname@example.org. As nil returns do not need to be sent securely, you do not need to use this form.
If there have been personal data breaches, please attach your completed breach log below.
Use this form for the first notification within 24 hours of detecting a breach.
You should provide the following information now, if possible. If not, you must send a second notification form within three days.
You should have already sent an initial notification with as much information as possible. Please now provide further detail.
If you cannot provide any of the information we ask for at this stage, you should explain why, and submit a follow-up form as soon as possible including those details.
When did this incident occur?*
You should now have already sent an initial notification and second notification with as much information as possible.
Please now provide any further remaining details.
Please attach any other relevant supporting information.
Please enter the number in the box below.
To send this form securely to the ICO
Need help? 0303 123 1113