In order for our site to work, small files called ‘cookies’ have been placed on your device. These mandatory cookies do not process any personal data.
We would also like to use analytics cookies to understand how our site is used by visitors and then use this information to improve our site and the experience of using our site. The service we use is Google Analytics.
Please indicate whether or not you are happy to allow the use of these analytics cookies by selecting one of the options below. You can read more about our cookies before you choose and read our Privacy Notice to find out more information on how we use your personal data
Published: 24 October 2018
‘The continued high levels of compliance by local organisations when reporting these incidents is to be welcomed. We recognise that it may not come naturally for organisations to inform regulators when things don’t go to plan and we understand that having confidence in my Office and the way in which such matters are handled is vital. Taking a proactive approach in this area will help to enhance confidence in the organisations handling our personal data. It also provides my Office with extremely useful insight about the types and nature of breaches, which in turn enables us to target our education and compliance programme in a meaningful and effective way.’The breach reports received suggest that organisations are exposed to the greatest risk of breach when personal data leaves their direct control, either by post or email. The ODPC offers the following advice to local organisations. When using postal or email systems for sending personal information:
“I’ve sent details related to Mrs A. Bloggs positive pregnancy test results to Mrs C. Bloggs.”Instead, you should submit a breach report in the below format, which protects the data and identities concerned.
“At 13:10 on 19 October 2018, I sent special category medical data related to a patient’s pregnancy to an individual with a similar name in error.”Download infographic version of this example here. The Office of the Data Protection Commissioner is working to improve its online breach reporting mechanism and has asked for any comments to be submitted via enquiries@odpc.gg.
The Bailiwick of Guernsey's independent authority which regulates data protection legislation through an ethics-based approach, empowers individuals and protects their rights, promotes excellence in data protection, and supports the data economy to embrace innovation.
Receive regular information and statistics related to our activities and governance
Sign up nowReceive regular information and statistics related to our activities and governance
Sign up nowThe Office of the Data Protection Authority
+44 (0)1481 742074enquiries@odpa.gg
St Martin's House, Le Bordage, St. Peter Port, Guernsey GY1 1BR
Newsletter sign-up Privacy Notice Careers Cookies
Website by
&
Indulge
© 2021 The Office of the Data Protection Authority.