Data breach policy
Date Reviewed: 12th March 2026
Effective Date: 2nd November 2023
Next Review Due: 12th March 2027
1: Introduction
I, Jamie Louise Hollis, am the practitioner at ADHD SLT, and safeguarding personal data is essential to my practice. This Data Breach Policy outlines how I handle data breaches involving personal data, ensuring compliance with data protection laws and maintaining the trust of my clients.
2: Definition of a Data Breach
A data breach is any incident that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This can include:
- Unauthorised access to personal data.
- Loss or theft of data, whether physical or electronic.
- Accidental deletion or alteration of personal data.
- Cyberattacks or hacking incidents.
3: Responsibilities
- My Role: As the owner and sole practitioner, I am responsible for overseeing and managing any data breaches, including investigating the incident and taking appropriate action.
4: Reporting a Data Breach
If I suspect or identify a data breach, I will take the following steps:
- Risk assessment: I will assess whether the breach is likely to result in a risk to the rights and freedoms of individuals. This assessment will consider the sensitivity of the data involved, the likelihood of misuse, and the potential impact on affected individuals.
- If I become aware of a potential data breach, I will immediately record the details of the incident and begin the breach response procedure.
- Containment: I will immediately act to contain the breach, such as stopping unauthorised access or preventing further data loss.
  - Containment may include actions such as securing affected devices, changing passwords, restricting access to systems, retrieving incorrectly shared information where possible, or disabling compromised accounts.
- Assessment: I will assess the severity of the breach, including:
  - The type and amount of data involved.
  - The potential consequences for individuals.
  - The likelihood of harm resulting from the breach.
- All data breaches, whether reportable to the ICO or not, will be recorded in a data breach log, including the nature of the breach, the actions taken, and the outcome of the risk assessment.
5: Notification
- ICO: If the breach poses a risk to the rights and freedoms of individuals, I will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach. This notification will include:
  - A description of the nature of the breach.
  - The categories and approximate number of individuals affected.
  - The likely consequences of the breach.
  - Measures taken or proposed to address the breach.
- Affected Individuals: If the breach is likely to result in a high risk to individuals, I will notify them without undue delay.
  - Where individuals are notified, the communication will include advice on steps they can take to protect themselves.
  - The notification will include:
    - The nature of the breach.
    - The likely consequences.
    - Measures taken or proposed to mitigate the risks.
6: Investigation and Remediation
- Investigation: I will conduct a thorough investigation to determine the cause of the breach, the extent of the damage, and any actions required to address the breach and prevent recurrence.
- Remediation: I will implement corrective actions to address vulnerabilities identified during the investigation and enhance data security measures. This may involve updating policies, improving practices, or strengthening security controls.
- Documentation: I will document all steps taken in response to the breach, including the investigation, notifications, and remediation actions. This documentation will be kept for review and compliance purposes.
7: Review and Document
After addressing the immediate consequences of the breach, I will review the incident to identify lessons learned and areas for improvement. I will update the Data Breach Policy as needed to reflect changes in practices or legislation.
8: Training and Awareness
I will ensure that I stay updated on data protection practices and breach response procedures through regular training and professional development.
All devices used to store or access client data are protected by passwords and appropriate security measures to reduce the risk of unauthorised access.
9: Contact
For any questions or concerns about this Data Breach Policy, please contact me directly:
Jamie Louise Hollis
Email: adhdslt@outlook.com
10: Policy Review
This policy will be reviewed annually or sooner if significant changes occur.
Signed: Jamie Louise Hollis, ADHD SLT
Job Title: Speech and Language Therapist, Speech and Language Therapy BSc, MHCPC, MRCSLT