In order for our site to work, small files called ‘cookies’ have been placed on your device. These mandatory cookies do not process any personal data.
We would also like to use analytics cookies to understand how our site is used by visitors and then use this information to improve our site and the experience of using our site. The service we use is Google Analytics.
Please indicate whether or not you are happy to allow the use of these analytics cookies by selecting one of the options below. You can read more about our cookies before you choose and read our Privacy Notice to find out more information on how we use your personal data
Published: 15 January 2021
ONE hundred and eighty (180) personal data breaches were reported to the Office of the Data Protection Authority (ODPA) during 2020, a 30% reduction on the 259 reported in 2019.
The ODPA release details every two months of the number and category of data breaches reported to them by local organisations who use people’s data. This is to raise awareness in local organisations that they all have a legal obligation to notify the ODPA within 72 hours if they become aware of a breach. Publishing this information also allows everyone to benefit from a better understanding of how and why breaches happen and how they can be avoided in future.
During November and December 2020, 33 breaches were reported. 16 were due to personal data being sent to the wrong person via email, and a further 11 breaches occurred via post. The remaining were due to ‘inappropriate disclosure’ (4), ‘loss of data/paperwork/device’ (1), and ‘cyber incidents’ (1).
It is important to remember that breaches can occur in a broad range of circumstances, this is not just about sending emails to the wrong person. Wherever information about, or related to, people is compromised there is a potential risk to people.
The Bailiwick’s Data Protection Commissioner, Emma Martins, commented,
‘I have been extremely impressed at our regulated community’s engagement and conduct since these new reporting requirements came into force in 2018. Whilst the statistics are very important and can help us better understand and respond to certain trends and areas of risk, the real prize is positive and constructive engagement. As a jurisdiction we are maturing into a community which is increasingly accountable and intelligent in its handling of data, including when things go wrong. We have all learned a great deal about how some key risks are often hidden in plain sight. Talking openly and maturely about those risks allows us to tackle them and reduce them.’
Bi-monthly breach statistics