It would be expected that there are data breaches within some companies, and, in the past, certain sectors may have been more likely to suffer breaches than others. However, according to the figures published in the Information Commissioner’s Office Data Breach Audit 2015, some organisations that you would expect to suffer fewer data breaches than others, are some of the worst.
A data breach is defined as a failure to comply with the terms of the Data Protection Act.
The most common breach in the last quarter was the theft or loss of paperwork. This accounted for around 25% of all incidents. On the rise are incidents involving insecure websites or hacks. These almost doubled in the last quarter, a worrying trend if it continues.
Breaches by Type
When it comes to sector type the health sector suffers the most breaches. Having fallen victim to over 180 breaches in the last quarter. While this is a decrease from the 196 data breaches in the second quarter, it accounts for 40% of the total reported incidents.
Central government, is another area that would would expect to be secure. Yet here there were a total of 35 data breaches throughout the year. The fact that the figures for both the third and fourth quarter are the same shows little is improving.
Local government organisations saw 49 data breaches in just one quarter. Interestingly, the only data breaches suffered by political parties, were two in the first quarter of the year, suggesting that they have worked on and solved what was going wrong.
Prisons have suffered no data breaches over an entire year, yet the police and criminal records organisations suffered close to 50. This even increased by 11 from the third to fourth quarter. Although an obvious target for attack you would expect it may be able to better protect itself than other organisations.
Solicitors and barristers don’t fair well either, with 82 cases reported to the ICO in the last year.
Breaches by Sector
Of course, unless your data protection policy is completely watertight, it might be difficult to go a whole year without any data breaches. It should be noted the type of most common breaches involved the loss of paperwork or information sent to the incorrect recipient.
Therefore, it is important for your company to work on your internal data protection policies. Particularly when it comes to the most common types of breach. In order to avoid potential fines and loss of business.
You should also ensure you include secure data destruction methods in your policy. Especially when it comes to the renewal of hardware or devices within the business that may contain sensitive data.
[Photo Credit: Ian-S]