Charities reported 118 data breaches to the Information Commissioner’s Office in the three months to March 2019, according to the latest update from the data regulator.
This is double the number that reported in the same period of 2017/18 (the fourth quarter of the year ending in March), when there were 59 incidents.
However, incident reporting has risen across the board since new data protection rules came into force, and the charity sector accounts for just 3.6 per cent of the total number of incidents reported to the ICO. The total reported across all sectors was 3,263.
Charities had reported 137 data incidents in the second quarter of 2018/19, which is the same as in the first quarter. There is currently no published report for incidents published in th the third quarter because of changes made to how incidents are reported and recorded.
For Q4 2018/19, there were 20 incidents that were classified as cyber breaches, including 10 phishing breaches.
Some 18 incidents were related to the loss or theft of paperwork left in an unsecure location, nine involved data being emailed to the wrong person, five related to a failure to use bcc when emailing, and four involved the verbal disclosure of personal data.
The nature of the incident was not disclosed by the ICO in 28 cases and it was classified as “other non-cyber incident” in 24 cases.
Overall, “general businesses” reported the most data breaches (638), followed by health (509) and education (428).