Charities suffered 53 data breaches in the six months to March this year, more than double the number in the same period the previous year, according to figures published by the Information Commissioner’s Office.
Charities are now the fourth most likely category of organisation to fail to properly protect others’ data, according to quarterly ICO figures, below health services, local government and education services.
A data breach involves a failure to comply with the Data Protection Act. It is an incident in which sensitive or confidential data is stolen or viewed by an individual not authorised to do so, and it carries a fine of up to £500,000.
In 2013, the Nursing and Midwifery Council received a £150,000 fine after it lost three DVDs containing patient information. Last year, the British Pregnancy Advice Service (BPAS) was fined £200,000 after a hacker accessed 10,000 users’ details.
In the year to March 2014, charities suffered a total of 45 data breaches, with 21 in the second half of the year. But in the year to March 2015 this rose to 76, with 53 in the second half of the year.
In an analysis of how to comply with the Data Protection Act, published today by Civil Society News, chartered accountancy firm HW Fisher said that charities need to do more to ensure they are compliant, or potentially face more large fines.
“My advice to charities is to ensure you have policies in place, that your staff are properly trained in data protection and you use a privacy impact assessment before starting any new project, asking yourself what you are doing with the personal information and why,” said Adrian Duffley, risk and compliance manager at HW Fisher.