Information risk and impacts to individuals following personal data breaches

This guidance provides more detailed information governance (IG) advice on the potential negative impacts or risks to individuals when different types of information are breached. It explains the actions that patients, health and care professionals and information governance professionals may need to take in the aftermath of a breach to limit its effects on impacted individuals and their information.

For guidance on what a personal data breach is and the steps that need to be taken if a breach occurs including risk assessing and reporting, read our guidance on personal data breaches.

Guidance for patients and service users

ARTICLE

Information risk and impacts to individuals following personal data breaches guidance for patients and service users

This guidance provides detailed information on the potential negative impacts or risks associated with the breach of certain types of information and actions that may need to be taken

Guidance for health and care professionals

ARTICLE

Information risk and impacts to individuals following personal data breaches guidance for health and care professionals

This guidance provides detailed information on the potential negative impacts or risks associated with the breach of certain types of information and actions that may need to be taken

Guidance for IG professionals

ARTICLE

Information risk and impacts to individuals following personal data breaches guidance for IG professionals

This guidance provides detailed information on the potential negative impacts or risks associated with the breach of certain types of information and actions that may need to be taken

These IG pages provide clear and consistent IG advice and guidance to patients and service users, health and care staff and IG professionals. NHS England convenes a working group to check and challenge the guidance.

Last edited: 11 May 2026 1:16 pm