Rise seen in data breaches reported to UK watchdog

Out-Law News | 16 Feb 2018 | 3:20 pm

The number of data breaches reported by organisations to the UK's Information Commissioner's Office (ICO) rose by nearly a fifth in the last three months of 2017, according to the watchdog.

The 19% increase could be down to "increased awareness" of the forthcoming new General Data Protection Regulation (GDPR) as well as the fact that the ICO opened a new personal data breach helpline, it said.

Currently, only some organisations are obliged to report personal data breaches they experience. This obligation applies to companies in the financial services sector and telecoms market, as well as to health bodies and central government departments.

All organisations are, however, encouraged to self-report data breaches, and self-reporting has been a mitigating factor considered by the ICO when determining what enforcement action to take after becoming aware of incidents that breach the Data Protection Act.

However, under the GDPR, which will apply from 25 May, all organisations will be subject to a new mandatory data breach notification regime.

The ICO said that, between the beginning of October 2017 and the end of the year, there were 815 data breach incidents reported to it by organisations across all sectors. This compared to 687 such breaches reported between July and September.

Within the 'general business' category, there were 99 data breaches reported in the last quarter of 2017, with the most common breach stemming from a cyber incident, according to the ICO's figures. Other data breaches in the sector stemmed from failings such as the loss of paperwork, disclosing data to the wrong recipient via email and the loss or theft of unencrypted devices.

There were 32 data breaches reported to the ICO by businesses in the finance, insurance and credit market.

The ICO's data revealed a 68% rise in the number of data breaches reported by organisations in the education sector from the July-September reporting period to October-December last year, with the volume of incidents reported rising from 57 to 96 across the quarters.

A further 22% rise in data breach incidents reported to the ICO by organisations in the health sector was also recorded during the final three months of 2017.

In central government, a failure to redact data on 11 occasions spurred a 178% rise in the number of data breaches reported in October-December (25) compared to the previous three months (nine).

"Before releasing a redacted document, always follow these three tips: consider meta data when redacting information; check all data has been redacted and is not reversible before releasing; get someone to double check redactions," the ICO said.