Human error is being blamed for an increase in data breaches reported to the Information Commissioner’s Office (ICO) despite an ongoing awareness of the need for appropriate education and processes to prevent such incidents.
According to a Freedom of Information (FoI) request submitted by encryption specialists Egress Software Technologies, one quarter of all data breaches between April and June 2014 involved the accidental loss or destruction of personal data and around 43 percent of these were caused by sending data to the incorrect email fax or postal addresses.
Only seven percent of breaches were caused by technical failings, with the remainder caused by human error, poor processes and systems in place, or a lack of care when handling data. Indeed, no fines have been issued due a technical error exposing confidential data, whereas £5.1 million worth of penalties have been handed out due to the poor management of sensitive information.
Egress suggests this implies that convenience rather than security is a bigger priority for businesses and organisations when they share data with third parties, especially given the current emphasis on data protection following a number of high profile breaches.
“It is concerning that such a high number of data breaches occur as a result of human error and poor processes, let alone the fact that this figure is actually rising,” says Tony Pepper, CEO of Egress. “Of course, we will never be able to completely rule out people making mistakes but clearly safeguards are urgently needed. Confusion can often put confidential data at risk, with users unsure of when and how to encrypt. Similarly, a continued reliance on fax and post demonstrates a disturbing lack of care and control taken to sensitive information.”
In total, the ICO has served up £6.7 million in fines since 2010, £4.5 million of which were issued to the public sector and therefore paid using taxpayer cash. The biggest fine to date was given to Brighton and Sussex University Hospitals NHS Trust in 2012 after hard drives containing a massive amount of sensitive data were sold on eBay in 2010.
The ICO itself is also not immune. Earlier this year the watchdog admitted it had breached data privacy regulations over the past month but was criticised for its lack of transparency over the incident which it described as “non-trivial”.
What do you know about ICO and its counterparts? Take our quiz!
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…