The number of reported personal data breaches has consistently dropped since the island's data protection laws were introduced.
In 2020 there were 180 personal data breaches reported, which fell slightly to 177 in 2021.
That fell again during 2022, to 151. During November and December there were 28 personal data breaches reported.
The Office of the Data Protection Authority said emails sent to the wrong recipients remain the main reason for reports being made. But, the ODPA also said there are many other common causes of personal data breaches, with access rights being one such cause.
Pictured: The latest data provided by the ODPA.
The Bailiwick's Data Protection Commissioner, Emma Martins, said:
“As always, there are important learning points in these latest figures that are relevant for everyone charged with looking after people’s information. Whilst we welcome the fall in reported incidents, we must ensure that the reporting obligations are understood and complied with across the regulated community.
"We want to do all we can to encourage openness, integrity and accountability in the handling of all personal data, especially when things do not go to plan and would take this opportunity to remind organisations of the legal duty to report breaches to us. Doing so not only ensures they remain compliant with the legal responsibilities they have, it also allows us all to understand and learn about real world risks with a view to taking steps to reducing and avoiding them where possible.”
The latest batch of reported personal data breaches included an employee who had authorised access to company data during their contract sent an email with confidential information to several people connected with the company after their employment was terminated.
The ODPA said one way of reducing the risk of that type of data incident is to use clauses in employment contracts to prevent ex-employees from soliciting customers whose information they had access to while employed by a business, and ensure that access rights are tightly governed so that when someone leaves, they no longer have access to data.
New Data Protection Commissioner needed for 2024
Sure fined £80,000 for data protection breach
HSC Data Protection concerns addressed
"Openness and transparency" at the heart of data protection
Sandpiper CI reprimanded for data protection breach
ODPA calls for data diligence as email remains top type of breach
Once your comment has been submitted, it won’t appear immediately. There is no need to submit it more than once. Comments are published at the discretion of Bailiwick Publishing, and will include your username.
There are no comments for this article.