Latest data published by the Information Commissioner’s Office shows that the charity sector was responsible for 21 data security incidents between April and June 2017 – a decrease of six on the previous quarter.
The figures are published on the ICO’s website and show that incidents involving charities fell, while total incidents rose from 678 in the previous quarter to 697. This means that charities accounted for just 3 per cent of the total number of incidents.
The latest figures represent the lowest number of incidents recorded by the charity sector since July to September 2015, when the figure was 17.
The health sector was responsible for the most incidents with 283, followed by general business with 80 and local government with 63.
Cyber incidents were the most common type of incident for the charity sector, with six being recorded. This includes phishing (attempts to obtain sensitive information by impersonating a trustworthy entity such as a bank), exfiltration (unauthorised transfer of data) and security misconfiguration incidents.
Charities also reported three cases of the loss or theft of paperwork and a further three where a device was lost or stolen.
There were three unspecified “other principle seven failures”. Principle 7 is the overarching part of the Data Protection Act which refers to information security.
Other failures include not using the bcc function to hide people's details in emails and insecure disposal of paperwork.