Select a region
Seven Guernsey organisations have reported breaches of the newly implemented data protection legislation.
One month into the tightened regulations, Data Protection Commissioner Emma Martins said local organisations were responding to the higher standards required – but there had still been reports of breaches. However, all had been catagorised as the lowest level.
"The breach reports we have received predominantly relate to organisations unintentionally sending personal data to the wrong recipient, for example, by software autocompleting an email address and the user not checking before they send the email.
"We categorise each breach we receive depending on severity – the seven received in the month since the law changed have been ranked as low risk. This means that the breaches are unlikely to cause harm to the person whose data has been disclosed accidentally."
Under the new law there is a 72 hour window for organisations to report a data breach to the Office of the Data Protection Commissioner. Unlike the previous law, reporting breaches is mandatory rather than voluntary.
Mrs Martins said the mandatory reporting was proving useful.
"We are grateful for the insight that breach reports provide us, as they alert us to issues early and provide invaluable insight into the risk environment. This helps us to target our resources to support better compliance across the Bailiwick.
"The key message for local organisations is that we will work positively and constructively with you in the event of a data breach, to improve compliance, for the benefit of everyone."
Comments
Comments on this story express the views of the commentator only, not Bailiwick Publishing. We are unable to guarantee the accuracy of any of those comments.