Guernsey’s Office of the Data Protection Authority (ODPA) has published the latest breach statistics with twenty-six personal data breaches reported during September and October 2021.
This is the second lowest figure since statutory breach reporting was introduced.
More than half of the reported breaches (14 incidents) were due to personal data being sent to the incorrect recipient either by post or email. This category is consistently responsible for the highest number of reported breaches, highlighting again the role that we can all play in preventing a data breach.
Cyber incidents resulted in five reported breaches, four breaches were due to the inappropriate or unauthorised disclosure of information, two were unspecified and one breach resulted from a system error.
The 26 breaches were spread across a number of different sectors. The most, six incidents, were reported from the health sector, then fiduciary with four breaches.
Emma Martins, the Bailiwick’s Data Protection Commissioner, commented on how they continue to evidence the important role of human behaviour in this context, “As we approach six-months since the launch of our social initiative, Project Bijou, it’s clear again that there are real opportunities to reduce the incidents of data breaches and the harms that often result.
“Understanding better how there is always a human at the heart of a breach means we become more invested in caring for personal data properly, not just because it is our legal duty, but because it is right and ethical to do so. It is people that can be harmed when things go wrong but it is also people who have the opportunity to prevent those things from happening in the first place. If we genuinely engage with the significant responsibility we shoulder when handling other people’s data, we are much more likely to take care.
“It’s pleasing to see that the level of breaches has dropped from the number seen for the previous reporting period, but each breach matters and we must continue to put every effort into reducing them as much as possible. While it’s true that not every email or piece of post sent to the wrong recipient represents a breach, every time a mistake like this is made, the potential is there for real harm to be done to an individual.”
