Data Breaches – It’s Not Just Hackers

In the General Data Protection Regulation and other data protection regulations around the world, data breaches are a topic of concern. In all cases, the regulators do not want data breaches to happen (because they go against the data protection mandate), and generally speaking, there is a requirement to notify a given authority when a data breach is detected. But despite the general expectation that data breaches are caused by nefarious external agents acting with malicious intent, there are many other types of data breach.

Here are some:

  • An employee who accesses personal data records on customers or patients that are outside his or her task domain, or otherwise beyond what they need to access for their job. The ICO in the UK prosecutes people when this happens, such as a hospital worker, a housing worker, and a council worker, among many others profiled on the ICO blog.
  • An organisation that should know better didn’t scrub the metadata on its published research, legal advice and reports, thereby disclosing details of employee names when its policy is to not disclose employee names.
  • An employee leaves a firm and takes details on customers to a competitor or to their own new firm in the same market space. Again, the ICO prosecutes people for breaches of this nature, such as a recruitment consultant who stole the details of 272 individuals.
  • A county council didn’t put appropriate access security on a database containing personal and sensitive information, which meant that members of the public could access the data with a search engine.
