Human error is being blamed for an increase in data breaches reported to the Information Commissioner’s Office (ICO) despite an ongoing awareness of the need for appropriate education and processes to prevent such incidents.
According to a Freedom of Information (FoI) request submitted by encryption specialists Egress Software Technologies, one quarter of all data breaches between April and June 2014 involved the accidental loss or destruction of personal data and around 43 percent of these were caused by sending data to the incorrect email fax or postal addresses.
Only seven percent of breaches were caused by technical failings, with the remainder caused by human error, poor processes and systems in place, or a lack of care when handling data. Indeed, no fines have been issued due a technical error exposing confidential data, whereas £5.1 million worth of penalties have been handed out due to the poor management of sensitive information.
Egress suggests this implies that convenience rather than security is a bigger priority for businesses and organisations when they share data with third parties, especially given the current emphasis on data protection following a number of high profile breaches.
“It is concerning that such a high number of data breaches occur as a result of human error and poor processes, let alone the fact that this figure is actually rising,” says Tony Pepper, CEO of Egress. “Of course, we will never be able to completely rule out people making mistakes but clearly safeguards are urgently needed. Confusion can often put confidential data at risk, with users unsure of when and how to encrypt. Similarly, a continued reliance on fax and post demonstrates a disturbing lack of care and control taken to sensitive information.”
In total, the ICO has served up £6.7 million in fines since 2010, £4.5 million of which were issued to the public sector and therefore paid using taxpayer cash. The biggest fine to date was given to Brighton and Sussex University Hospitals NHS Trust in 2012 after hard drives containing a massive amount of sensitive data were sold on eBay in 2010.
The ICO itself is also not immune. Earlier this year the watchdog admitted it had breached data privacy regulations over the past month but was criticised for its lack of transparency over the incident which it described as “non-trivial”.
What do you know about ICO and its counterparts? Take our quiz!
CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…