Human error is now the biggest cause of data breaches, according to the Information Commissioner's Office.
A Freedom of Information request by ViaSat UK found that the largest proportion of data breaches were simply down to information being disclosed in error. Of the 730 self-reported data breaches, 281 were the result of information being disclosed in error in the form of emails sent mistakenly, documents sent to the wrong people's houses and similar. The biggest offender in this situation is local government, whose 88 incidents of human error accounted for 53 per cent of all its self-reported data breaches.
It also found that the public sector is the most commonly fined area, while only 0.3 per cent of self-reported private sector breaches were penalised. It found that despite being responsible for 263 of 730 self-reported data breaches between March 2011 and February 2012, the private sector has received only one financial penalty in that time: the £1,000 levied against ACS:Law in May 2011.
Chris McIntosh, UK CEO of ViaSat, said: “It is wholly disconcerting that those data breaches which should be easily avoidable are now the most commonplace. While the message on data protection may be getting through to the heads of organisations, there is no point in having these measures in place if workers don't follow them.
“The fact that local government organisations are the worst offenders helps explain why the ICO has been imposing so many financial penalties on this sector, perhaps in an effort to get the message through. However, the true extent of the problem may be even greater: while the ICO offers free training and auditing to organisations to help address these issues, so far the private sector in particular has been slow to take them up, meaning that further incidents may be waiting to be discovered.”