Select a region
29 personal data breaches were reported to the Data Protection Office in the first two months of the year.
Overall, from the latest statistics, 16 breaches related to data sent to the wrong person by email, while six incidents were due to data sent to the wrong person by post.
Cyber incidents have been prominent in the news recently due to some Microsoft Exchange email servers that were left vulnerable to attack by a security flaw.
"These high-profile attacks serve to remind us all of the importance of being informed, prepared and vigilant," said the Bailiwick’s Data Protection Commissioner, Emma Martins.
"Data security is a collaborative effort for the entire organisation, however large or small. Understanding the reality of the risk is not an optional extra, it is critical. The threat landscape is increasingly complex and highlights the importance of contracting with providers that can provide trusted and responsive advice and support.
"Taking data governance and security seriously will reap rewards for businesses; failing to do so has the potential to do irreparable damage to them."
A spokesman for the ODPA said they could not confirm whether any of the breaches were being investigated further.
"Our Law prevents us from commenting on individual breaches except in certain circumstances when the Authority determines a public statement is appropriate. What we can say more generally is that most breaches reported to the ODPA do not require further action, such as an investigation.
"A minority of breach reports are investigated further. In exceptional circumstances where someone has been harmed by the breach, either deliberately or accidentally, sanctions (up to and including a fine) are considered.
"Deliberate breaches are rare, and normally result from criminal activity, gross negligence, or a lack of engagement with the Law."
When is a 'breach' not a breach?
Emails to the wrong recipient are reportedly "a very common occurrence", according to Mrs Martins.
"An email going to the wrong person(s) isn’t always a breach and therefore these incidents do not necessarily have to be reported in to the ODPA. It depends on the context the email was sent in, the email’s contents, and whether the circumstances pose someone a risk.
"Many emails that go astray contain no personal data and therefore pose no data protection/privacy risk to anyone, in those cases the data protection law would very likely not apply and you would not be legally obliged to report it to the ODPA. If in doubt speak to your Data Protection Officer, if you have one, or call the ODPA for advice."
Comments
Comments on this story express the views of the commentator only, not Bailiwick Publishing. We are unable to guarantee the accuracy of any of those comments.