We use cookies to track visits to our website

Learn more Accept & close

This site uses cookies - text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity, for example using Google Analytics.

For further information, please visit About Cookies or All About Cookies.

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser.

For more information about how we use your data, please visit our Privacy Policy.

Step 1 of 5

(this is required)

Step 2 of 5

(this is required)

Step 3 of 5

(if you would like a more personal approach)
Skip

Step 4 of 5

(this is optional)
Skip

Step 5 of 5

Click here to upload CV
(word and pdf docs only please)
Name Edit
Email Edit
Telephone Edit
LinkedIn Edit
CV Change

Thanks for leaving your information, we will be in contact shortly.

Data Breach Handling Procedure

Scope of this procedure
This document aims to explain how Aylin White Ltd will handle the unfortunate event of data breach. How we will aim to mitigate the loss and damage caused to the data subject concerned, particularly when sensitive personal data is involved.

What is a Data Breach?
A data breach is generally taken to be a suspected breach of data security of personal data which may lead to unauthorised or unlawful processing, accidental loss, destruction of or damage to personal data.

How does a data security breach happen?
A data security breach can happen for a number of reasons:

  • Loss of theft of data or equipment on which data is stored
  • Inappropriate access controls allowing unauthorised use
  • Equipment failure
  • Human error
  • Unforeseen circumstances such as a fire or flood
  • Hacking attack
  • ‘Blagging’ or ‘Phishing’ offences where information is obtained by deceiving the organisation who holds it.

 

Process of handling a data breach?
Should an incident of data breach occur, Aylin White Ltd will take all remedial actions to lessen the harm or damage. The following action plan will be implemented:

1. Immediate gathering of essential information relating to the breach
Aylin White Ltd will promptly appoint dedicated personnel to be in charge of the investigation and process. The dedicated personnel shall promptly gather the following essential information:

  • When did the breach occur?
  • Where did the breach take place?
  • How was the breach detected and by whom?
  • What was the cause of the breach?
  • What kind and extent of personal data was involved?
  • How many data subjects were effected?
  • Who needs to be made aware of the breach?
  • Are there any methods to recover any losses and limit the damage the breach may cause?

The dedicated personnel may consider designating an appropriate individual / team (‘the coordinator’) to assume overall responsibility in handling the data breach incident, such as leading the initial investigation, informing relevant parties regarding the breach and what they are expected to do to assist in the containment exercise and the subsequent production of a detailed report on the findings of the investigation. The coordinator may need to report and synchronise with different functional divisions / departments / units and escalate the matter to senior management so that remedial actions and executive decisions can be made as soon as possible.

 

2. Assessing the risk of harm
Some data security breaches will not lead to risks beyond possible inconvenience, an example is where a laptop is irreparably damaged, but its files were backed up and can be recovered. While these types of incidents can still have significant consequences, the risks are very different from those posed by, for example, theft or identity fraud.

Each data breach will follow the risk assessment process below:

  • The kind of personal data being leaked
  • The amount of personal data involved and the level of sensitivity
  • The circumstances of the data breach i.e. online or traceable
  • The likelihood of identity theft or fraud
  • Whether the leaked data is adequately encrypted, anonymised or otherwise rendered inaccessible, e.g. if passwords are needed for access
  • Whether the data breach is ongoing and whether there will be further exposure of the leaked data
  • Whether the breach is an isolated incident or a systematic problem
  • In the case of physical loss, whether the personal data has been retrieved before it can be accessed or copied
  • Whether effective mitigation / remedial measures have been taken after the breach occurs
  • The ability of the data subjects to avoid or mitigate possible harm
  • The reasonable expectation of personal data privacy of the data subject

3. Contacting the interested parties, containment and recovery
Once the risk has been assessed, the dedicated personnel in charge will take actions to stop the breach and if necessary this may involve law enforcement agencies i.e. police.

The following containment measures will be followed:

  1. Stopping the system if the data breach is caused by a system failure
  2. Changing the users’ passwords and system configurations to contract access and use
  3. Considering whether internal or outside technical assistance is needed to remedy the system loopholes and/or stop the hacking
  4. Ceasing or changing the access rights of individuals suspected to have committed or contributed to the data breach
  5. Notifying the relevant law enforcement agencies if identity theft or other criminal activities are or will be likely to be committed
  6. Keeping the evidence of the data breach which may be useful to facilitate investigation and the taking of corrective actions

 

4. Notification of breaches
Aylin White Ltd appreciate the distress such incidents can cause. We endeavour to keep the data subject abreast with the investigation and remedial actions. In case of a personal data breach, without undue delay and where feasible we aim to notify the data subject within 72 hours of becoming aware of the breach and this include informing the ICO (Information Commissioner’s Office).

5. Notification of breaches
It is important not only to investigate the causes of the breach but also to evaluate procedures taken to mitigate possible future incidents. Aylin White Ltd attempt to learn from the experience, review how data collected is being handled to identify the roots of the problem, allow constant review to take place and to devise a clear strategy to prevent future recurrence.

The review will take into consideration:

  • Ongoing improvement of security in the personal data handling processes
  • The control of the access rights granted to individuals to use personal data. Are principals “need-to-know” and “need-to-access” being adopted
  • The adequacy of the IT security measures to protect personal data from hacking, unauthorised or accidental access, processing, erasure, loss or use
  • Ongoing revision of the relevant privacy policy and practice in the light of the data breach
  • The effective detection of the data breach. The keeping of logs and trails of access enabling early warning signs to be identified
  • The strengthening of the monitoring and supervision mechanism of data users, controllers and processors
  • Review of the ongoing training to promote privacy awareness and to enhance the prudence, competence and integrity of the employees particularly those who act as controllers and processors
  • Review of this policy and procedures listed.

client testimonials

Axis and Aylin White have worked together for nearly 10 years. We have formed a strong relationship, allowing the Aylin White team to build up a clear understanding of what our business needs both technically and in terms of company core values. We have been able to fill estimating, commercial, health and safety and a wide variety of production roles quickly and effectively.

Paul Oakman
UK Director - Axis M&E UK

Building surveying roles are hard to come by within London. However, thanks to Aylin White, I am now in the perfect role. I am surrounded by professionals and able to focus on progressing professionally.

Reiss Thompson
Building Surveyor

Aylin White was there every step of the way, from initial contact until after I had been placed. It was a relief knowing you had someone on your side.

Kirk Watt
Mechanical Manager

Aylin White offer a friendly service, while their ongoing efforts and support extend beyond normal working hours.

Lee Dover
M&E Project Director - Axis M&E UK

From the first conversation I had with Aylin White, you were able to single out the perfect job opportunity. All the info I was given and the feedback from my interview were good. I'm enjoying the job opportunity that I took and hopefully I am here for many more years to come

Richard Emmett
Project Manager (Mechanical)

I have got to know the team at Aylin White over the years and they have provided a consistent service with grounded, thoughtful advice. They also take the personal touch seriously, which makes them very pleasant to deal with!

Robert Thorne-Henderson
Director - Development & Portfolio Valuations

Aylin White is genuine about tailoring their opportunities to both candidates and clients. Having met up since my successful placement at my current firm to see how I was getting on, this perspective was reinforced further. I would recommend Aylin White to both recruiting firms and individuals seeking opportunities within the construction industry.

Matt Davis
Cost Consultant

Aylin White work hard to tailor the right individual for the role. I have been fortunate to have been a candidate for them as well as a client and I can safely say they work just as hard for both to make sure that technically and culturally there is a good fit for the needs of the individuals and companies involved.

Cullum Alexander
Associate Director - Faithful + Gould

Aylin White has taken the time to understand our culture and business philosophy. They have therefore been able to source and secure professionals who are technically strong and also a great fit for the business.

John Boxall
Partner – Jackson Coles