UK data breaches are increasingly being traced back to human error, despite the growing emphasis on data protection.
A Freedom of Information (FOI) request to data privacy watchdogs at the Information Commissioner’s Office (ICO) revealed that a quarter of reported data breaches during the first three months of 2014 were caused by the accidental loss or destruction of personal data.
These figures are up from 15 per cent for the second half of 2013, according to encryption services provider Egress Software Technologies.
Many of these breaches (43 per cent) involved confidential information being disclosed in error, primarily through emailing, faxing or posting data to an incorrect recipient.
Only seven per cent of breaches for the period occurred as a result of technical failings. The remaining 93 per cent were down to human error, poor processes and systems in place, and lack of care when handling data.
“To date no fines have been levied due to technical failings exposing confidential data, whereas a total £5.1m in fines has been issued for mistakes made when handling sensitive information,” according to Egress.
Healthcare organisations top the list of most data breaches with 183 in 2014, doubling from 91 breaches in 2013. The number of data breaches in insurance and among lenders both tripled in 2014 compared with last year. Telecoms (150 per cent) and recruitment (300 per cent) also experienced big increases.
Since 2010, the total number of fines issued by the ICO for violations to the Data Protection Act amounts to than £6.7m. Public sector organisations make up the lion’s share (£4.5m) of these fines.
Egress provides a range of encryption services for secure data transfer, offering on-demand security for organisations and individuals sharing confidential information electronically, according to online sources.
“It is concerning that such a high number of data breaches occur as a result of human error and poor processes, let alone the fact that this figure is actually rising,” said Egress Software chief exec Tony Pepper. “Of course, we will never be able to completely rule out people making mistakes, but clearly safeguards are urgently needed.”
“What these statistics demonstrate is that training alone is not the answer,” according to Pepper, who argued that encryption technologies and other technical controls offer a more effective means to guard against data breaches than trying to coach staff into following data handling guidelines.