22 of those 45 breaches were within the local healthcare sector.

This does not include the most high profile data protection breach within healthcare which led to a court case recently, as that happened before the new laws were brought in. 

Pictured: The number of data breaches by sector in the two months up to February 2019. 

The number of data protection breaches has gone up from 28 in total over the previous two month period to 13 December 2018.

The ODPA says this rise is likely down to organisations now becoming more aware of their legal obligations to report any breaches and the ODPA "fully expects to see further increases as awareness continues to grow."

Most of the reported incidents were low-level with no further action required but the ODPA says it currently has "a heavy caseload of ongoing investigations, and a number of the recent breaches will be subject to further enquiry."

A Health and Social Care spokesperson said:

“HSC support the explanation provided by Emma Martins in terms of the circumstances relating to the seemingly high numbers of healthcare data breaches.Please note that the figure of 22 cited in the report relates to the entirety of healthcare providers, not solely HSC. Within the 22 reported, HSC represents one breach within this group with the balance arising from other providers.

“HSC takes the issue of data control very seriously and works to constantly improve its performance in this area. When potential breaches occur however, informs the ODPA as required by law, investigates the incident and applies the lessons learnt."

The Bailiwick’s Data Protection Commissioner, Emma Martins, cautioned against looking at the breach statistics in isolation though.

"Whilst it appears on face value that the healthcare sector is disproportionately responsible for more breaches, the reality is much more complex. This sector routinely deals with significant amounts of sensitive ‘special category’ personal data, so more of their breaches are likely to meet the severity criteria at which there is a legal obligation to report to us. That, combined with the fact that certain healthcare providers are taking what we consider to be the enlightened approach of choosing to report all breaches to us, means that we see a high number of healthcare data breaches in the statistics. Organisations within other sectors, such as certain public authorities assess all incidents and only report medium-to-high level personal data breaches to us. This gives the appearance that these sectors are experiencing fewer breaches."

Pictured: Emma Martins. 

Mrs Martins also emphasised that organisations who report are positively engaged with their legal obligations to protect people’s data.

"Whilst no-one wants to see breaches, the reality is they are happening all the time. We would be more concerned if no reports were received as that would indicate a lack of compliance with the law as well as a lack of trust and confidence in our office by the regulated community."

Under the new laws, introduced in May 2018, all organisations are 'encouraged to take a proactive approach to their breach reporting obligations in the knowledge that this will assist them in understanding and managing their own risk, as well as providing the ODPA with valuable information to support its work.'