In order for our site to work, small files called ‘cookies’ have been placed on your device. These mandatory cookies do not process any personal data.
We would also like to use analytics cookies to understand how our site is used by visitors and then use this information to improve our site and the experience of using our site. The service we use is Google Analytics.
Please indicate whether or not you are happy to allow the use of these analytics cookies by selecting one of the options below. You can read more about our cookies before you choose and read our Privacy Notice to find out more information on how we use your personal data
Published: 4 March 2019
‘Whilst it appears on face value that the healthcare sector is disproportionately responsible for more breaches, the reality is much more complex. This sector routinely deals with significant amounts of sensitive ‘special category’ personal data, so more of their breaches are likely to meet the severity criteria at which there is a legal obligation to report to us. That, combined with the fact that certain healthcare providers are taking what we consider to be the enlightened approach of choosing to report all breaches to us, means that we see a high number of healthcare data breaches in the statistics. Organisations within other sectors, such as certain public authorities assess all incidents and only report medium-to-high level personal data breaches to us. This gives the appearance that these sectors are experiencing fewer breaches.’Mrs Martins also emphasised that organisations who report are positively engaged with their legal obligations to protect people’s data.
‘Whilst no-one wants to see breaches, the reality is they are happening all the time. We would be more concerned if no reports were received as that would indicate a lack of compliance with the law as well as a lack of trust and confidence in our office by the regulated community.’All organisations are encouraged to take a proactive approach to their breach reporting obligations in the knowledge that this will assist them in understanding and managing their own risk, as well as providing the ODPA with valuable information to support its work.
The Bailiwick of Guernsey's independent authority which regulates data protection legislation through an ethics-based approach, empowers individuals and protects their rights, promotes excellence in data protection, and supports the data economy to embrace innovation.
Receive regular information and statistics related to our activities and governance
Sign up nowReceive regular information and statistics related to our activities and governance
Sign up nowThe Office of the Data Protection Authority
+44 (0)1481 742074enquiries@odpa.gg
St Martin's House, Le Bordage, St. Peter Port, Guernsey GY1 1BR
Newsletter sign-up Privacy Notice Careers Cookies
Website by
&
Indulge
© 2021 The Office of the Data Protection Authority.