Every quarter, Guernsey’s Office of the Data Protection Authority (ODPA) shares insights from recent breach data towards elevating breach preparedness for public and private sector organisations.
From 1st July-30th September 2024, there were a total of 40 reported personal data breaches, one more than the previous quarter.
These breaches affected 2,837 people, down from the previous quarterly figure of 14,019. However, twice as many people (517) were affected by ‘high risk’ breaches.
Case study:
In one recent case, a retail outlet submitted a breach report after police informed them that an allegation had been made that a member of staff had shown CCTV footage from inside the store to a member of the public.
This CCTV footage contained images of customers and was not used in accordance with the retailer’s policy on CCTV use.
This incident demonstrates the importance of making sure that staff members only have access to the types of personal data needed to perform their duties. In most cases, not every member of staff requires access to all personal data processed.
In data governance, a ‘need-to-know’ basis can greatly decrease the chances of a data breach. This incident further highlights the importance of having audit trails for instances where personal data is misused.