Home / News & Resources / News & Updates / Human error rather than cybercrime biggest cause of self-reported data protection breaches

Human error rather than cybercrime biggest cause of self-reported data protection breaches

  • Posted on

Human error rather than cybercrime biggest cause of self-reported data protection breaches

According to the Information Commissioner's Office (ICO), the number of reported data protection breaches has almost doubled since April this year.

The increase has happened since the introduction of the General Data Protection Regulation (GDPR) on May 25th. Under the GDPR the self-reporting of data breaches is now mandatory. As such, we can expect to see this increase in data breach reporting to continue to rise.

However, despite fears about cybercrime, human error is seven times more likely to cause data protection breaches than hackers.

According to data released under the Freedom of Information Act, out of 2,124 self-reported data breaches in 2017-18, fewer than 300 were because of cybercrime.

Common causes for these data violations include:

  • Data sent to the wrong recipient
  • Loss of theft of paperwork
  • Failure to redact data
  • Failure to use bcc when sending an email
  • Unencrypted devices being lost or stolen

Worryingly, while cybercrime is not responsible for most data protection breaches, reported cybersecurity incidents have increased by 31% over the same period. Of these attacks, malware, phishing and ransomware were the most common culprits.

Which sectors report the most data protection breaches?

The sectors most affected by data protection breaches are:

  • Healthcare with 1,214 data breach reports (this sector was already subject to self-reporting before the GDPR)
  • General business with 362 data breach reports
  • Education and childcare with 354 data breach reports
  • Local government with 328 data breach reports.

In total, taking into account self-reported breaches and complaints from elsewhere, the ICO received a staggering 21,019 data protection concerns in 2017/18.

What can you do if you are the victim of a data protection breach?

The ICO can impose hefty fines on organisations that don't meet their obligations under the Data Protection Act. The biggest fine it has issued so far is for £400,000, but that was made before the new GDPR rules. However, the ICO does not award compensation to victims.

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. At Hayes Connor Solicitors, we've been helping people to do just that for over 50 years, so we know what it takes to make a successful data breach compensation claim.

Crucially, the law recognises the potential damage that is caused by psychological suffering. So, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

Our expert, friendly team will advise you on whether you have a valid claim and will be pleased to answer any questions you might have. If you are not sure whether your information has been misused or mishandled, we can find this out for you.

If we believe you have a substantial, complex case, we'll go through your options with you and may be able to act for you on aNO WIN, NO FEE basis. For smaller claims, our quickassessment formwill help you to start your claim, quickly and easily. So you can be sure of receiving your compensation in the shortest possible time.

We can help you toclaim compensation for data protection breaches, data leaks, human rights breaches, and the misuse of personal information.

At Hayes Connor Solicitors, we understand that making a compensation claim can be stressful; especially where your sensitive information has already been breached. That's why we remove the jargon from the process and make sure you always know what's happening with your case. Of course, it goes without saying that our process is fully compliant with ICO guidance and we never put your details at risk.

START A DATA BREACH CLAIM