Charities reported 137 data security incidents to the Information Commissioner’s Office in the first quarter of 2018/19, according to recently published data – a more than sixfold increase from the previous year.
The ICO recently published the latest statistics for how many data breaches had been reported to it between April and June 2018. The data shows that total incidents from the charity sector were 137 – up from 21 for the same period in 2017.
The ICO makes clear that changes in data protection rules, bought on by the implementation of GDPR in May this year, are likely to be behind the increased reporting of incidents.
There were 3,146 incidents reported across all sectors, up 697 from the previous year. Charity incidents account for 4.4 per cent of all reported breaches, which is similar to the level in previous reporting periods.
The General Data Protection Regulation came into force this spring and appears to have prompted greater reporting across the board. The health sector reported the highest number of incidents (677) followed by general business (453) and education (415).
Most charity incidents (81) involved the disclosure of data and the other (56) involved various security issues.
The ICO has changed how it publishes its trends reports and said the recent release was an “abridged version of the detailed report”. It said a full report for the second quarter will be published "shortly".
The ICO now seperately publishes details of cyber attacks. There were 414 cyber incidents across all sectors between April and June 2018.
Charities were responsible for 15 cyber incidents. Nine of these were related to phishing, four involved unauthorised access, while there was one ransomware and one malware attack reported.