Data breach Template letter

Appendix 2 - Suggested wording when notifying data subjects of a breach

Template Letter

Dear [ ]

The NHS Counter Fraud Authority (NHSCFA) as an organisation takes all appropriate organisational and technical measures to keep your personal information safe and secure.

We respect the privacy of your information which is why, as a precautionary measure, we are writing to inform you of a data security incident that [may involve/involves] your personal information.

Between/On [identify time period of breach], [briefly summarise the breach incident].

The data accessed [may have included/included] personal information such as:

[Identify the type of personal information] OR To our knowledge, the data accessed did not include any [identify the types of personal information NOT involved].

NHSCFA values your privacy and deeply regrets the occurrence of this incident. We are conducting a thorough review of those potentially affected [records/files/computer system/identify other] and will notify you if there are any significant developments.

The organisation has [include details of what action has already been taken to respond to the risks posed by the breach]. We have implemented additional security measures designed to prevent a recurrence of [such an attack/incident] and to protect the privacy and security of NHSCFA information and systems.

NHSCFA is working closely with the Information Commissioner's Office (ICO) [and name of other data controller(s)/police (if appropriate)].

Please also see the enclosed personal information toolkit booklet from the ICO for further information on steps you can take to protect your information.

Further information and assistance can be sought by contacting [insert contact details of appropriate NHSCFA representative].

Yours sincerely
