Incorrect email addresses cause of most data breaches

Tuesday 24 November 2020

The biggest cause of data protection breaches continues to be information being sent to the wrong person, according to the regulatory authority.

34 incidents were reported to the Office of the Data Protection Authority across September and October, 26 of which occurred when emails or post were sent to incorrect recipients.

The remaining eight were categorised as inappropriate access or disclosure, or as ‘cyber incidents’, according to the 11 categories used by the Authority. Most of these are in categories the authority considers to be ‘accidental’ in nature.

Six incidents came from the retail sector, and another six from fiduciary firms and three from charities. The remaining 19 were spread across 11 other sectors.

Data Protection Commissioner Emma Martins said the data proved “we can all play a positive and important role” in reducing the breaches that occur.

Pictured: Data Protection Commissioner Emma Martins

“It continues to be the case that accidental sending of data to the wrong person is the most common type of breach reported to us,” she said.

“We will never eliminate human error, but we should not underestimate the impact having robust systems and processes, together with comprehensive staff awareness and training programmes can have in mitigating those risks.”

These statistics were published in the most recent bi-monthly report from the ODPA. It follows the previous period of July-August which saw the lowest recorded number of data breaches (21).

Mrs Martins said that, though these breaches were accidental, there is a lot to learn for the parties involved.

“For each of these breaches, the personal information of one or more individuals is likely to have been compromised,” she said.

“Our aim in raising awareness and encouraging a focus on making improvements is to ensure we all do as much as we can to protect people from those harms.

“I would take this opportunity to once again thank our local regulated community for their engagement in this breach reporting requirement; it continues to have a direct and meaningful impact on raising the standards of governance for the Bailiwick.”