The UK data protection authority, Information Commissioner’s Office (ICO), has published statistics regarding breach incidents in the first quarter of this year (1 April - 30 June 2013). In a related press release, the ICO discussed conclusions drawn from the numbers regarding the most common types of data breaches and the sectors that appear to be at greatest risk. It also described the enforcement tactics used to respond to the incidents.

As many as 175 out of 335 data breach incidents investigated by the ICO concerned data being ‘disclosed in error’. This includes situations where emails were sent to the wrong people or where information was erroneously included in freedom-of-information responses. The ICO highlighted that carelessness was often at the heart of the problem, with the same mistakes frequently repeated. ICO treats carelessness seriously and will take enforcement action were warranted. Loss or theft of paperwork and hardware were the second- and third-highest, respectively.

The ICO also looked at where the incidents occur most frequently, finding the health sector and local government at the top of the list. The ICO noted reported incidents for these sectors were likely to be seen to be higher because of the presence of internal reporting guidelines. The third and fourth places on the list were taken by schools and the legal industry. The ICO noted that it will keep an eye on these sectors to see how they perform in the next quarter.

Recent enforcement action by the ICO includes: