You’re offline. This is a read only version of the page.
Published: 2 September 2025
The Office of the Data Protection Authority (ODPA) has released personal data breach statistics for Q2 2025. The ODPA saw a similar number of self-reported personal data breaches in the second quarter compared to the first, but the average severity was lower than earlier in the year.
The ODPA processed a total of 52 self-reported breaches in the second quarter, following 53 in the first.
Eight of the cases were graded as high-risk, down from fourteen in the prior period.
The most common type of self-reported breach was personal data being sent to the incorrect email recipient.
Case study:
One personal data breach involved patient confidentiality. A member of the public had asked for details of a medical referral on behalf of a family member.
These were provided verbally despite the fact that it was not clear whether the family member was authorised to request this information on the patient’s behalf.
This case study highlights the importance of proper authorisation when sharing information about a third party, even if a verified family member.
The Bailiwick of Guernsey's independent supervisory authority which regulates data protection legislation. The ODPA protects people by driving responsible use of personal information through helping organisations get it right, deterring harmful information handling, and taking enforcement action against significant non-compliance
Receive regular information and statistics related to our activities and governance
Sign up now
Receive regular information and statistics related to our activities and governance
Sign up now
The Office of the Data Protection Authority
+44 (0)1481 742074 info@odpa.gg
Block A, Lefebvre Court, Lefebvre Street, St Peter Port, GY1 2JP
Newsletters sign-up Data Processing Notice Careers Cookies
Website by
&
Indulge
© 2025 The Office of the Data Protection Authority.