UK: ICO releases Q3 data security incident trends

The Information Commissioner’s Office has released Q3 statistics on data protection incidents reported to their office. Not surprisingly, reports were up. Some of their key statistics:

Central government sector reports rose by 178% from Q2 (from 9 to 25). Incidents involving a failure to redact data increased from 1 to 11.

Education sector incidents rose by 68%  (from 57 to 96). Incidents involving data sent by email to an incorrect recipient increased from 9 to 21.

Health sector incidents rose by 22%. The three main breach types were:

  • Data posted or faxed to incorrect person;
  • data sent by email to incorrect recipient;
  • loss or theft of paperwork;
  • Data left in insecure location;
  • Failure to redact data;
  • Verbal disclosure;
  • Loss/theft of unencrypted device;
  • Cyber incidents;
  • Failure to use bcc when sending email; and
  • Insecure disposal of paperwork.

Various other principle 7 failures also accounted for a total of 71 further incidents.

Source: ICO

About the author: Dissent