The number of personal data breaches reported by Guernsey organisations over the past two months is not reducing, but consistent with previous reporting periods.
In total, 32 such breaches were notified to the Office of the Data Protection Authority (ODPA) from 1st March through to 30th April, of which five were cyber security related and the remainder non-cyber incidents. The total is just three more than the previous two months, with information sent to the incorrect recipient still proving to be the greatest cause of risk to an individual’s personal data.
Overall, from the latest figures, 17 incidents (58%) related to incorrect posting or emailing and 9 (31%) were inappropriate or unauthorised disclosure of information. These are broadly consistent in totals and nature of breaches and reported by organisations from a range of sectors, with the majority from finance and public authorities (65% and 17% respectively).
Emma Martins, the Bailiwick’s Data Protection Commissioner, confirmed she was encouraged that the number of breaches reported remain consistent, but advised on the role people play in personal data breaches.
“This period’s statistics are in line with the established trend: the numbers are not increasing, which is positive, but it is what people, not systems, do that is the biggest factor in most data breaches reported to us.
“Protecting data well is first and foremost a human issue and armed with that knowledge there is a great deal that we can all do to reduce risk.”
This video from the ODPA focuses on mitigating human error:
Emma added: “The ODPA aims to be a transparent, open and supportive regulator, focussed on encouraging awareness and engagement.
“The wide range of events, workshops and support programmes scheduled each year are proving to be popular with local organisations and individuals so we would encourage both to continue to engage with us. Building a culture of honest and constructive learning can help us all to work towards higher standards of compliance.”