ODPA calls for data diligence as email remains top type of breach

Thursday 19 May 2022

The Office of the Data Protection Authority (ODPA) latest breach report has revealed 26 personal data breaches reported between March and April 2022.

The most common form of breach was via emails being sent to the incorrect recipient in 11 cases, continuing the trend as the most prominent form of breach reported to the Authority.

Two of the reported breaches in this period involved templates which had been saved in error, overwriting the original file. The filled-out templates contained confidential information which were then made available to other people. 

Two unusual breaches were also reported in this period; one involved sensitive information being discussed in a telephone conversation and overheard by a third party, and a warehouse burglary in the UK where products stolen contained personal information that could be classed as ‘special category data’.

Speaking to Express, the Bailiwick’s Data Protection Commissioner Emma Martins said of the warehouse breach that information was taken from a “label on a parcel” and the data was “associated with a particular product or organisation, which can say a lot” about the associated individual. 

She said that whilst the breach occurred in UK territory, the concerned individual “has rights here,” and emphasised that “so much activity is cross-border now”.

Ms Martins compared this to the example of mobile phones, which whilst used in the Bailiwick are connected to servers potentially on the other side of the globe.

Pictured: The breakdown of reported data breaches in the Bailiwick for the past two months.

Ms Martins also claimed that “cyber matters across Europe are heightened and we are not immune to that,” adding that businesses must take steps to protect themselves “no matter how small or large”.

“Every second data is being collected. You may not care, but it impacts you and everybody needs to understand that impact,” she said

Before the introduction of more stringent data protection regulations, Ms Martins said that some businesses displayed “nervousness about informing the regulators initially,” but now data reports are “becoming really useful internally to inform board discussions”. 

“The vast majority of organisations want to do the right thing, often they just need the tools.

“Businesses need to trust us, [the ODPA] adds more value by using the exercise as a learning opportunity.

“You owe them the respect and dignity to treat the data well,” she argued, saying data is fundamentally reflective of the people it signifies.

She said of the upcoming MONEYVAL inspection into the Bailiwick’s financial services sector, and of reputation management more generally, that “anybody’s economy is driven by data”.

“Any sense that a jurisdiction cannot handle data well will have a serious impact.”