Forty eight personal data breaches were reported to Guernsey’s Office of the Data Protection Authority (ODPA) in the two months leading up to 28 December 2019.
Of the reported breaches, 39 were due to human error, highlighting again, how people’s action continues to be the biggest cause of personal data breaches locally. Information sent via email or post to the wrong person has consistently been the most common type of data breach reported since statutory reporting requirements came into effect. In response to this trend, the ODPA has recently been focussing on the role of human error in its events programme to help organisations and individuals understand and respond to the risks.
The Bailiwick’s Data Protection Commissioner, Emma Martins, notes that changing attitudes and behaviour is key to reducing data breaches and preventing harm.
“These latest figures again illustrate how important it is for us all, whatever our role, to understand data protection as something more than an IT issue. We must focus on ensuring individuals’ rights are respected while also recognising the impact of human error when using personal data. It is unrealistic to expect people to never make any mistakes, but we can positively influence attitude and a culture in organisations where mistakes are learnt from, behaviours change as a result and the risk of future harm is reduced.
“We do not seek a culture of blame, rather we seek a culture of improvement,” added Mrs Martins.
The remaining self-reported breaches for the two month period fell into other categories including mislaid data, criminal, hacking, unauthorised access and unauthorised disclosure.
