Published: 4 March 2019
‘Whilst it appears on face value that the healthcare sector is disproportionately responsible for more breaches, the reality is much more complex. This sector routinely deals with significant amounts of sensitive ‘special category’ personal data, so more of their breaches are likely to meet the severity criteria at which there is a legal obligation to report to us. That, combined with the fact that certain healthcare providers are taking what we consider to be the enlightened approach of choosing to report all breaches to us, means that we see a high number of healthcare data breaches in the statistics. Organisations within other sectors, such as certain public authorities assess all incidents and only report medium-to-high level personal data breaches to us. This gives the appearance that these sectors are experiencing fewer breaches.’Mrs Martins also emphasised that organisations who report are positively engaged with their legal obligations to protect people’s data.
‘Whilst no-one wants to see breaches, the reality is they are happening all the time. We would be more concerned if no reports were received as that would indicate a lack of compliance with the law as well as a lack of trust and confidence in our office by the regulated community.’All organisations are encouraged to take a proactive approach to their breach reporting obligations in the knowledge that this will assist them in understanding and managing their own risk, as well as providing the ODPA with valuable information to support its work.
The Bailiwick of Guernsey's independent supervisory authority which regulates data protection legislation. The ODPA protects people by driving responsible use of personal information through helping organisations get it right, deterring harmful information handling, and taking enforcement action against significant non-compliance
Receive regular information and statistics related to our activities and governance
Sign up nowReceive regular information and statistics related to our activities and governance
Sign up nowThe Office of the Data Protection Authority
+44 (0)1481 742074 info@odpa.gg
Block A, Lefebvre Court, Lefebvre Street, St Peter Port, GY1 2JP
Newsletters sign-up Data Processing Notice Careers Cookies
Website by & Indulge
© 2024 The Office of the Data Protection Authority.