Data breaches

We all lose something once in a while. If our institute loses (personal) data, then it’s referred to as a data breach.

Data breaches

HKU is obliged to report ‘data breaches’. But what are they exactly?
A data breach means that data is temporarily or permanently outside our influence. For example:
  • a USB stick that has gone missing, which had student or staff data on it
  • an email containing personal data has been sent to the wrong recipient
  • a box of documents containing personal data has been put out with the ordinary rubbish
  • personal data has been made public following unauthorised access to business systems
Nearly 12,000 data breaches were reported in the Netherlands in 2019.

HKU has a protocol for reporting possible data breaches. We make a record of all the reports. If there’s a risk of negative consequences for the parties concerned, we report the data breach to the Dutch Data Protection Authority (DPA). Some data breaches are more serious than others. Depending on the risk, we inform the people whose data it concerns.

If in doubt, report it! 

We’d rather have too many reports than too few. By reporting a possible data breach, you’re helping to identify weak spots in HKU’s data protection.

Where to report data breaches

Possible data breaches can be reported to HKU’s Computer Emergency Response Team (CERT):


Telephone: 030 – 209 12 09