Reporting a new privacy incident or breach — incident type and governing authority, discovery, cause, linked subject, and affected scope
Last updated: July 12, 2026 by Steve
Creating Incidents
Reporting an incident is intentionally low-friction so front-line staff can log a privacy breach or security incident quickly, then refine it later. You need the incident-report permission. From the Incidents dashboard, choose Report incident to open the dialog. Nothing you enter here is final — every field can be edited in the incident detail panel after the record is created.
Reporting an Incident
- Pick an Incident type if more than one is configured. The type carries a governing authority — the Act or regulation that applies — shown as a read-only field. If the chosen type has no governing authority mapped, a warning appears and you cannot submit; an administrator must map the type to a legal authority first.
- Enter a Title (required) and an optional Description.
- Set Discovered on. It defaults to today and cannot be a future date.
- Optionally choose a Cause type from the configured taxonomy, and add a free-text Cause / circumstances narrative describing what happened.
- Optionally link a Privacy subject (the reusable record or system the incident concerns), enter the number of affected individuals, and select the categories of personal information involved.
- Select Report incident to save.
The incident is created in the first lifecycle stage (Active) and opens in the detail panel, where the deeper work is done.
(screenshot placeholder — capture: the Report incident dialog with the incident type, read-only governing authority, title, discovered-on date, cause type, and linked privacy subject fields)
The Governing Authority Requirement
Every incident must be anchored to a legal authority so that its statutory notification obligations can be calculated later. The governing authority comes from the incident type, not from a field you fill in. If you pick a type that an administrator has not mapped to a legal authority, the dialog blocks submission and shows a warning. Choose a different type, or ask an administrator to map the type before reporting.
Linking a Subject from the Directory
When you start from a subject's Incident history tab and choose Create incident, the report dialog opens with that privacy subject already linked to the new incident.