A personal data breach includes breaches that are the result of both accidental and deliberate causes. They may include:
access by an unauthorised third party – for example, your EMS system/council network being hacked
deliberate or accidental action (or inaction) by a controller or processor – for example, your print supplier failing to process all absent vote data you have sent them, meaning that some electors are disenfranchised because they do not receive their postal votes in time
sending personal data to an incorrect recipient – for example, sending an electoral register to someone who is not entitled to receive it
computing devices containing personal data being lost or stolen – for example, laptops or iPads containing register or election data being stolen
alteration of personal data without permission – for example, a canvasser falsifying canvass responses
You should have robust quality assurance and proof-checking processes in place to help detect any errors and avoid data breaches before they occur.
For example, when producing postal votes, you should have in place a process for checking live proofs, including those for postal proxies.
You should attend the issue of postal votes to check the actual stationery being produced. This will highlight if any of the signed-off proofs have been inadvertently altered.
Once postal votes have been issued, you should monitor returns to ensure that you have received completed postal votes back from every polling district. This will help you identify at an early stage if the issue was incomplete.
We have published guidance containing full details of the quality assurance measures you should have in place.