Section 01
Purpose
This summary explains how We Are Care responds to a personal-data breach or security incident affecting worker, candidate, client or Baton-supported data. The full incident procedure is held internally.
Section 02
What counts as an incident
Any actual or suspected loss, theft, unauthorised access, alteration or disclosure of personal data or systems, including documents such as DBS, ID and right-to-work records.
Section 03
How to report one
Anyone can report a suspected incident to privacy@wearecare.co.uk, without delay.
Section 04
How we respond
On report, the incident is triaged by Vicky Welfare, contained, assessed for risk to individuals, and logged. Where a breach is likely to result in a risk to people’s rights, we notify the ICO within 72 hours of becoming aware, and we tell affected people where the risk to them is high.
Section 05
Baton’s role
Baton may help capture, log and route an incident and prepare drafts. Decisions on containment, notification and response are made by a person.
Section 06
After an incident
We review the cause, record lessons, and update controls and this summary where needed.
Published at wearecare.co.uk/policies/data-breach-response.