The DVLA reported nearly 200 breach notifications to the data protection regulator over the past year, according to new Freedom of Information (FOI) data.
FOI requests were sent to 17 government departments by secure storage vendor Apricorn, to assess the effectiveness of data security measures in the public sector. Some 14 departments provided responses for the period April 2019 to July 2020.
The DVLA said it submitted 181 breach notifications to the Information Commissioner’s Office (ICO) across 2019-20. By contrast, the Home Office submitted just 25 during the period, while NHS Digital notified the ICO only four times.
“The large number of data incidents being reported may be in part due to the increased awareness and changes in processes when identifying and managing data breaches. The change in requirements in line with the GDPR will of course see a rise in the numbers now being reported to the ICO,” argued Apricorn EMEA managing director, Jon Fielding.
“Needless to say, if the data is secure in the first instance, the number of breaches, and the need to report them, would obviously decline. Public sector bodies should follow the same process as any business would when it comes to mitigating risk. At the very least, data should be encrypted in transit and at rest so that, in the event defenses are compromised, the data remains inaccessible.”
He added that the surge in remote working thanks to the pandemic will also potentially introduce data security concerns if information is not properly protected when flowing out to home endpoints and cloud servers.