The ICO has received over 8,000 breach reports since GDPR came into force, making reporting mandatory in some high risk circumstances, according to a speech by the Information Commissioner, Elizabeth Denham, in New Zealand on 4 December 2018.  The obligation to report within 72 hours has provided a significant challenge in many cases.

In practice, ICO statistics pre-GDPR show that the most common cause of breaches in the legal sector are email errors, followed by cyber incidents, data posted or faxed wrongly, and loss or theft of unencrypted data.  So, while attention to technical issues such as anti-virus, firewalls and software patching is essential, are you addressing the largest single cause of data breach?  There are measure which can be implemented to help address email error, software solutions using artificial intelligence, and applying a delay to outgoing emails.

The ICO published guidance on Security in April 2018, and on Passwords in online services and on Encryption in November 2018.

‹ Back to Publications