Guernsey’s Office of Data Protection Authority (ODPA) has published its latest breach statistics, with 28 personal data breaches reported during November and December 2022.
The total breaches reported for 2022 is 151, compared to 177 in 2021, and 180 in 2020.
Emails sent to the wrong recipients remain the main reason. But there are many other common causes of personal data breaches, with access rights being one such cause.
In the latest batch of reported breaches, an employee who had authorised access to company data during their contract sent an email with confidential information to several people connected with the company after their employment was terminated.
One way of reducing the risk of this type of data incident is to use clauses in employment contracts to prevent ex-employees from soliciting customers whose information they had access to while employed by a business, and ensure that access rights are tightly governed so that when someone leaves, they no longer have access to data.
The Bailiwick’s Data Protection Commissioner Emma Martins commented: “As always, there are important learning points in these latest figures that are relevant for everyone charged with looking after people’s information. Whilst we welcome the fall in reported incidents, we must ensure that the reporting obligations are understood and complied with across the regulated community.
“We want to do all we can to encourage openness, integrity and accountability in the handling of all personal data, especially when things do not go to plan and would take this opportunity to remind organisations of the legal duty to report breaches to us. Doing so not only ensures they remain compliant with the legal responsibilities they have, it also allows us all to understand and learn about real world risks with a view to taking steps to reducing and avoiding them where possible.”