Data breaches on the rise

The number of companies and organisations failing to adequately protect peoples’ personal data has risen substantially over the past two years according to figures released this week. Worryingly, we're not discussing an oversight as simple as failing to backup data - and the ramifiactions for businesses are far greater than having to pay a bill for data recovery services.

The Information Commissioner’s Office, the public body responsible for upholding data protection laws within the UK, have reported an astonishing 75% increase in the number of reported data breaches over the past two years. The information that was leaked included bank details, criminal and health records, and names and addresses.

Of the breaches that were reported to the ICO, more than 2,000 were attributed to human error, whilst only 292 came about as a result of targeted attacks. Of these, 442 came about as a result of emails being sent to the wrong recipients, 441 because employees faxed or posted information to the wrong recipients and 438 to lost paperwork. Healthcare was the sector most likely to be responsible for a breach with 1,214 leaks having been attributed to this area.

Considering the effect of GDPR

The General Data Protection Regulation (GDPR), essentially an update to data protection law, came into force on the 25th May 2018. The most significant changes it brought were considerably larger fines, the need to ensure that users consented to how companies and organisations intended to use their data/information and, crucially, it obligated businesses and organisations to report any data breaches to the relevant public bodies (the ICO in the UK) within 72 hours. This final point, it’s logical to conclude, could be behind the increase in the number of reported breaches.

That said, GDPR has now been active for less than four months. That accounts for just 12.5% of the relevant two-year period; just how much of an effect is this likely to have had? With organisations of all kinds reluctant to discuss the frequency with which leaks and breaches occur, it’s difficult to say. We do, however, expect this figure to continue to grow and are confident in stating that this will at least partly, though probably significantly, grow due to the introduction of GDPR.

What fines can be issued for breaching GDPR?

As we’ve said previously, the introduction of this new legislation allows authorities to issue larger fines but – due to the colossal increases in question – it simply wouldn’t be right to finish this article without letting you know what the maximum fine for being careless with peoples’ information is.

So, if you suffer a data breach, you could be fined a maximum of €20 million or 4% of your business’s annual turnover, whichever happens to be larger.

So, lost data could now result in you being issued with a very, very large fine!