Charities reported 102 data breaches to the Information Commissioner’s Office (ICO) between October and December 2019.
The ICO recently published the latest figures, which show that it received 2,795 reports in total. This means that that charity sector made up 3.6 per cent of all reports.
There are no comparable figures for the previous year because the ICO changed its methodology and did not publish figures for that period. But it is broadly similar to the number reported during the previous quarter in 2019.
Most of the charity incidents were classified as “other non-cyber incident” (31). This was followed by “loss/theft of paperwork or data left in insecure location” (19) and then “phishing” (12).
Five incidents involved “data posted or faxed to incorrect recipient”, and three were because of a “failure to use bcc”.
There were four cases of “data emailed to the incorrect recipient” and three instances of “verbal disclosure of personal data”.
The sector with the highest number of incidents was health (542), followed by education (429) and general business (258).