Statistics & Reports

When examined properly, statistics offer us all a chance to learn from the past and be better in future. We publish statistical information via our Annual Reports and our bi-monthly self-reported breach press releases to ensure that we are transparent and accountable about our activities as well as helping to highlight areas of particular focus for the future.

What is a personal data breach? 
A personal data breach is defined in section 111(1) of the Law as any incident that meets the following criteria:

  • a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.  
There will likely be a breach whenever any personal data is accidentally lost, corrupted or disclosed, or if someone accesses it or passes it on without proper authorisation to do so.


Why do breaches need to be reported?
One of the key changes to the local data protection law that came into force in May 2018 is that organisations are legally required to notify the ODPA of any personal data breach within 72 hours of becoming aware of it (see section 42 (2) of the Law). You can report a breach to us here

Why does the ODPA publish breach statistics? 
We have published statistics of the number of breach reports we receive, every 2 months since October 2018. Publishing this information allows everyone to benefit from a better understanding of how and why breaches happen and how they can be avoided in future. 
 

Reported Data Breaches

2 months to 31 August 2022
ODPA publish latest personal data breach statistics 18
2 months to 30 June 2022
Honest conversations about risk to people’s data needed 28
2 months to 30 April 2022
Most recent personal data breaches occur via email according to latest statistics 26
2 months to 28 February 2022
Complexity of personal data breaches revealed 27
2 months to 31 December 2021
Most breaches caused by human error and cyber criminals 25
2 months to 31 October 2021
Our behaviours must change to protect people’s data 26
2 months to 31 August 2021
Highest number of breach reports since 2019 36
2 months to 30 June 2021
‘Effective, successful and trusted’ organisations benefit from considered breach response 29
2 months to 30 April 2021
ODPA sees similar levels of breaches being reported 32
2 months to 28 February 2021
ODPA highlights incorrect email myths 29
2 months to 31 December 2020
2020’s reported data breaches down 30% on previous year 33
2 months to 31 October 2020
ODPA confirms data breaches still at low levels, mostly accidental 34
2 months to 31 August 2020
Lowest number of data breaches: less data harms, or less engagement? 21
2 months to 30 June 2020
Learning and improvement the route to a culture of compliance 34
2 months to 30 April 2020
Commissioner ‘encouraged’ by consistent breach reporting trend 30
2 months to 29 February 2020
Lowest number of breaches in more than a year 28
2 months to 28 December 2019
Data Protection Commissioner calls for a culture of improvement 48
2 months to 27 Oct 2019
Data breaches: workplace culture change needed 44
2 months to 26 Aug 2019
Human behaviour remains key risk to protecting data 32
2 months to 25 Jun 2019
Data Protection Commissioner cautions against a ‘culture of blame’ 50
2 months to 22 Apr 2019
Human error remains biggest risk in data protection locally 40
2 months to 22 Feb 2019
ODPA report further increase in local data breaches 45
2 months to 18 Dec 2018
Increase in local data breaches 28
2 months to 18 Oct 2018
ODPC offers advice after increase in local data breaches 26