The Information Commissioner’s Office has released Q3 statistics on data protection incidents reported to their office. Not surprisingly, reports were up. Some of their key statistics:
Central government sector reports rose by 178% from Q2 (from 9 to 25). Incidents involving a failure to redact data increased from 1 to 11.
Education sector incidents rose by 68% (from 57 to 96). Incidents involving data sent by email to an incorrect recipient increased from 9 to 21.
Health sector incidents rose by 22%. The three main breach types were:
- Data posted or faxed to incorrect person;
- data sent by email to incorrect recipient;
- loss or theft of paperwork;
- Data left in insecure location;
- Failure to redact data;
- Verbal disclosure;
- Loss/theft of unencrypted device;
- Cyber incidents;
- Failure to use bcc when sending email; and
- Insecure disposal of paperwork.
Various other principle 7 failures also accounted for a total of 71 further incidents.