There are differing levels of severity when it comes to data leaks – it could be fair to say that a person’s full name being leaked is perhaps not as dangerous as a person’s bank account details being leaked. But it does depend on other factors, like whether a leak of a name is related to a sensitive subject, such as the full name of someone with a certain medical condition.
If that happens then just a name can be very serious indeed, but in an age where leaks are happening around the world all of the time – and we literally mean, ALL of the time – we ask the question: is there really such a thing as a “non-serious” data breach?
As I said in the opening of the blog, it does depend on the nature of the information that has been leaked. If someone leaked the fact that I enjoy watching rugby, then I’m not particularly bothered; but if someone revealed that my name was on a medical list or perhaps a list of financial data then I might be more concerned…
But the issue really is not so much about whether a data breach is “serious” or “non-serious” – because the fact it has happened in the first place should always ring alarm bells. That is what should always be taken into account in our view.
Taking a look at a recent example: a spreadsheet with the names and birth dates of hundreds of Northern Ireland Prison Service staff was mistakenly sent to an unintended recipient. The Northern Ireland Prison Service has labelled the breach as “not a serious security threat” which some of those involved have not been happy with.
It’s important to remember that even small amounts of information can lead to serious consequences, but the reason it rings alarm bells is that such breaches and leaks should never happen in the first place. One thing that is commonly said about incidents like this is “it could have been worse” – and, of course, it usually can!
We live in an age where technology is at the heart of everything, but organisations responsible for data still have a huge duty to protect data, and have the means necessary to make sure that breaches and leaks don’t ever happen. We’re therefore always of the opinion that any data breach or data leak should always be treated as serious.
The law, and organisational responsibility, is clear!