Does a drop in data breach reporting mean data privacy has improved?
In January last year, a report from the Information Commissioner's Office (ICO), told us that the number of reported data protection breaches had almost doubled since the introduction of the General Data Protection Regulation (GDPR). Of course, GDPR made self-reporting of data breaches mandatory, so this increase was to be expected. However, according to the latest ICO report[1], there was a steady drop in data security incidents between January and March 2020. So, does this mean that data privacy is finally improving?
Not necessarily. Because, according to the ICO, "these figures are based on the number of reports submitted by the data controller, not necessarily the number of incidents." And, what is becoming more and more apparent is that many organisations do not know that a data breach has occurred until much later. In fact, according to one study[2], on average, companies take about 197 days to identify a data breach. In some cases, it can even take years.
Common causes of data privacy violations
The latest ICO report states that the volume of some cybersecurity incidents has increased considerably year-on-year. It lists the following common causes of data violations:
- Phishing
- Ransomware
- Unauthorised access
- Hardware/software misconfiguration.
However, just as with earlier reports, despite fears about cybercrime, it is human error that is still the leading cause of data breaches. And, the main culprits are:
- Data being sent to the wrong recipient
- Data posted/faxed to the wrong recipient
- Failure to redact data
- Failure to use bcc when sending an email
- Loss of theft of paperwork
- Unencrypted devices being lost or stolen.
These are the same data process failures that were occurring last year.
Which sectors report the most data protection breaches?
The sectors most affected by data protection breaches are:
- Healthcare
- Education & childcare
- Finance insurance and credit
- Legal
- Local government
- General business
- Retail and manufacture
What can you do if you are the victim of a data protection breach?
The ICO can impose hefty fines on organisations that don't meet their obligations under the Data Protection Act. However, the ICO does not award compensation to victims.
If you have suffered damage, distress or a loss of privacy caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. And, at Hayes Connor Solicitors, we know what it takes to make a successful data breach compensation claim.
Our expert, friendly team will advise you on whether you have a valid claim and will be pleased to answer any questions you might have. If you are not sure whether your information has been misused or mishandled, we can find this out for you.
We also understand that making a compensation claim can be stressful; especially where your sensitive information has already been breached. That's why we remove the jargon from the process and make sure you always know what's happening with your case. Of course, it goes without saying that our process is fully compliant with ICO guidance and we never put your details at risk.
[1] https://ico.org.uk/action-weve-taken/data-security-incident-trends/
[2] IBM