The Information Commissioner's Office (ICO) is the UK’s independent body that upholds information rights (https://ico.org.uk/about-the-ico/who-we-are/). They cover different legislation and handle tens of thousands of enquiries, complaints, and concerns that are made each year. They take action and investigate how organisations handle data.
Where bodies fail to meet the requirements of legislation, the ICO can take a number of actions, which include: prosecuting those who commit criminal offences under the Act; reporting to Parliament on issues of concern; or conducting investigations to assess and check whether organisations are complying with the Act.
As Data Leak Lawyers we can occasionally work with them, but our role is to help properly compensate victims of data leaks, breaches, and hacks. A lot of the work they cover is relevant for what we do though.
Recent ICO reports – Health sector the biggest perpetrators
In recent reports carried out by the ICO, they found that the Health sector continues to be the area in which most data security breaches take place. This could be due to the fact that the NHS requires all incidents to be reported, as well as the size of the institution, and also how sensitive medical information usually is.
As the NHS handles some of the most personal and sensitive data that people will have, breaches can cause people to suffer a huge amount of problems and distress.
Local governments were found to have the second-highest number of data breaches. Local governments handle a large amount of our personal information, and the report worryingly found a rise in data breaches of 34%. As with the NHS, it can be very distressing for people who suffer a data breach caused by their local government because of the level of personal information we give to them.
In some other areas, we saw a decrease in data breaches. The general business sector reported a 16% fall in data breaches, and there was a 36% decrease in the finance, insurance and credit sector.
The report found that the two most common incidents where data was breached were when data was posted or faxed to the wrong person, or where information was lost or stolen. Data being sent via email to the wrong recipient dropped by 52%. There was a 34% decrease in data breaches from insecure webpages.
There was, however, a 115% increase in a failure to properly redact data.
Preventing data security incidents
The report found that the most common data security incidents involved data being posted, faxed, or emailed, and the loss or theft of paperwork. The report has set out some steps that organisations can follow in order to prevent data breaches. This includes a guide to data protection on technical and organisational security measures that can be taken to help improve data security, as well as general IT security tips.
Ultimately, it’s almost impossible to fully prevent data leaks at the moment. But we know organisations can do more to reduce the risks and keep data breaches down.