Charities responsible for 27 data security incidents in first quarter of 2017

24 Aug 2017 News

Information Commissioner’s Office

Latest data published by the Information Commissioner’s Office shows that the charity sector was responsible for 27 data security incidents between January and March 2017.

The figures published by the ICO in its Data security incidents trends by sector and type 2016/17 report, showed that of the 678 total reported data security incidents in the first quarter of 2017, the charity and voluntary sector was responsible for only 27, just under 4 per cent of the total incidents.

This figure was also the lowest amount of individual data incidents recorded by the charitable sector since at least the April to June 2016 quarter. The figures showed that charities were responsible for 33 data incidents between October and December 2016; 35 between July and September 2016 and 29 between April and June.  

However total incidents for all sectors increased by 101 on the previous quarter. 

'Loss/theft of paperwork' reason for most charity incidents

The report also breaks the incidents down into type and showed the most prevalent data security breaches being made by charities in the first quarter of the year was the loss or theft of paperwork. Charities reporting this had happened six times in the first three months of the year to the regulator.

The ICO data showed that charities were also responsible for six further, unspecified “other principle 7” failures. Principle 7 is the overarching part of the Data Protection Act which refers to information security.

According to the data, staff in the charity sector failed to “use bcc when sending email” three times and insecurely disposed of paperwork twice. Incidents of a failure to redact sensitive data also occurred twice in the charity sector in the first quarter of the year.

The ICO dataset showed that the worst offending sector when it comes to data breaches in the first quarter of the year was health. The health sector was responsible for 254 individual data security incidents, followed by general business which was responsible for 80 breaches and then local government which was responsible for a further 76 breaches. 

 

More on