Do I have to report a breach of the Data Protection Act?

Although there is no legal obligation on data controllers to report breaches of security which result in loss, release or corruption of personal data, the Information Commissioner believes serious breaches should be brought to the attention of his Office. Serious breaches are not defined, but the potential detriment to individuals, the volume of data affected and its sensitivity all need to be considered.