ICO Q2 Data Security Incident Trends

Published on: 11th January 2019

The ICO's website has published information about Q2 2018-19's data security incidents by type and sector, and the single most significant area of reporting was over "Disclosure of Data".

This includes data that has been hacked or deliberately accessed illegally, as well as "accidental" data breaches where information was made available through unsecured storage, or human error. These kinds of actions can include leaving memory sticks in public places, carbon copying emails with personal contact details in plain sight, circulating personal data as an attachment to recipients who should not have access, etc.

Their charts show that Health and General Business data incidents are most frequently reported, with Education and Finance following in 3rd and 4th place respectively.

While their data is for reported incidents, not all incidents, it is probably reasonable to suggest that these are representative of the experience of people at the moment. It highlights to two most difficult challenges for data protection of our time, firstly how to resist and repel hostile attack, and secondly how to avoid human error.

It is possible to tackle the external attack issues with clear preparation and software that can protect from data theft. It is also possible to reduce human error with regular training and audit. In both cases it's better to be active in managing the risks, knowing what is possible and how your business could be affected is the first step to reducing the likelihood of a data security incident. Make sure you know your business' data management and use, and check that you're making every endeavour to minimise these two most frequent risks to personal data in business.

PYXI GDPR Team: 11th Jan 2019 08:53:00