Human error the main cause of data breaches

Tuesday 12 November 2019

44 personal data breaches have been reported to the Data Protection Authority in the past two months.

24 of the breaches were due to personal data being sent, via email or post, to the wrong person.

The remaining twenty were through hacking, personal data being accessed inappropriately, the disclosure of personal data when not authorised to do so, system error, or personal data being lost. 

Overall, forty breaches were the result of human action, with just four resulting from system error. 

The Bailiwick’s data protection commissioner, Emma Martins, commented on the role people play in personal data breaches.

"Once again, this period’s statistics reinforces the trend we have seen for some time: that it’s what people, not systems, do that is the biggest factor in most data breaches reported to us. Protecting data well is first and foremost a human issue."

This trend, where people’s awareness, attitudes, behaviour, and choice of actions often pose the biggest risk to the protection of personal data is observed not just locally, but also worldwide.

In October 2019, the 41st International Conference of Data Protection and Privacy Commissioners (ICDPPC) passed a resolution for participating national authorities to ‘address the role of human error in personal data breaches’.

The resolution, sponsored by the Office of the Australian Information Commissioner, calls on all ICDPPC members (including the ODPA) to ‘promote appropriate security safeguards to prevent human error that can result in personal data breaches’.

The resolution identifies the role of ‘building workplace cultures where privacy and personal data security are organisational priorities, including through the periodic implementation of training, education and awareness programs for employees on their privacy and security obligations and the detection and reporting of threats to the security of personal data.’

Pictured top: Emma Martins.