Charity sector responsible for 27 data security incidents in Q1: down on Q3

The charity sector was responsible for 27 data security incidents in Q1 of 2017, its lowest total since at least April-June 2016, according to data from the Information Commissioner’s Office. The ICO’s data shows that the majority (six each) fell under the categories of loss/theft of paperwork, and other Principle 7 failure. Other incidents reported included loss/theft of an unencrypted device, insecure disposal of paperwork, failure to use bcc when sending data, cyber incidents, failure to redact data, and data left in an insecure location. In the previous quarter, October to December 2016, there were 33 incidents, including 16 Principle 7 failures. Data security incidents are breaches of the seventh data protection principle, or personal data breaches reported under the Privacy and Electronic Communications Regulations. Overall in Q4, the ICO received 678 reported incidents: an 18% increase on Q3. There was a 20% increase in data sent by email to the incorrect recipient, and a 32% increase in failure to redact data, while ‘cyber incidents’, which include phishing and exfiltration were the most commonly reported incidents. The health sector reported the most incidents, with a 278% increase in cyber incidents, followed by general business, and local government.  

from UK Fundraising http://ift.tt/2vFp3ft