Information Security Week 2019 - Monday, 7 October: Data Breaches
Mon, 07 Oct 2019

Day 1 – Data Breaches

It seems like every day another data protection breach appears in the news!

The data protection and feedback team has been notified of 347 incidents since the introduction of GDPR and the Data Protection Act 2018 in May last year.

Remember, not every incident turns out to be a breach, but the council is required to record and investigate every incident that occurs, even if it is not confirmed as a breach.

The volume of incidents reported has increased by over 200% compared to the same period prior to the introduction of the new legislation. 


Investigating Breaches

Breach investigations have tight deadlines that must be adhered to in order to ensure that the council complies with legislation. The data protection and feedback team requires part one of an investigation to be completed within 48 hours of the council being notified of the breach. This helps to establish whether the breach needs to be reported to the Information Commissioner’s Office (ICO) within the statutory deadline of 72 hours.


What are the frequent breaches?

All breaches are categorised, but over 53% of incidents relate to either email or post.

Email is a key area where staff can use guidance to reduce the risk of a breach occurring.

Data breaches concerning email addresses commonly occur when people have their recent contacts saved in their email accounts. Recent contacts can include both internal and external contacts and are built upon the people/companies you communicate with most frequently.

Recent contacts may remain in your email account if you do not take action to remove them. You are responsible for ensuring that all recent contacts are removed from your email client.

Visit https://insight.eastriding.gov.uk/help/lotus-notes-help/guides/ for the latest guidance.


High Profile Examples

British Airways – The ICO has proposed a fine of £183.39 million after users of British Airways’ website were diverted to a fraudulent site: https://www.bbc.co.uk/news/business-48905907

Marriott International – The ICO has said it plans to fine the US hotel group £99.2 million after a guest reservation system was compromised and around 339 million guests had their personal details exposed: https://www.bbc.co.uk/news/technology-48928163


How do I report a breach?

Remember, all data protection breaches must be reported to the data protection and feedback team immediately, regardless of how minor you may consider a breach to be.

Contact the data protection and feedback team at data.protection@eastriding.gov.uk or call (01482) 391419.

