Speaking at a recent event to mark Data Protection Day, the Data Protection Commissioner, Helen Dixon, confirmed that the number of breach notifications relating to low-level breaches (e.g. 2 in 1 envelope errors), particularly from the financial services sector, remained high in 2014.
According to a recent survey carried out by the Irish Computer Society, more than half of Irish companies say that they have suffered a data breach in the last 12 months. The survey has identified that the most common threat to keeping data secure is employee or human error.
The 2013 Annual Report published by the Office of the Data Protection Commissioner (“ODPC”) confirmed that the ODPC received over 900 notifications in relation to postal breaches in that year. A high percentage of these breaches were the result of human error (e.g. mail merge issues, inaccurate addresses, 2 in 1 enveloping etc.).
Companies must ensure that employees are properly trained so as to raise data protection awareness, or to ensure that an adequate level of awareness exists, within the organisation. This is of particular importance where data of a financial or sensitive nature is at risk, as the effects of a breach can become even more distressing for the individual.
The ODPC has approved the Personal Data Security Breach Code of Practice, which reflects recommended best practice for dealing with incidents in which control of personal data is lost or the data is put at risk of such loss. A breach notification system should be in operation in all organisations to ensure that incidents are identified and managed appropriately, and that the question of how and when to notify the ODPC of breaches is addressed. The breach should be investigated fully and the cause determined and recorded so that any developing trends can be identified and potential gaps in training, practices or procedures can be rectified.