The UK’s Ministry of Defense (MoD) experienced an 18% rise in personal data loss incidents in the financial year 2019/20, according to official figures analyzed by the Parliament Street Think Tank.
The UK government’s defense department revealed there were 546 reported incidents of personal data loss during the last financial year, up from 463 in 2018/19. Seven of the incidents were reported to the Information Commissioner’s Office (ICO) owing to their serious nature.
The vast majority (454) of incidents were recorded under the category of unauthorized disclosure. A further 49 were classified under loss of inadequately protected electronic equipment, devices or paper documents from secured government premises, with another 19 reported from outside of government premises.
Of the seven most serious incidents reported to the ICO, one involved a sub-contractor incorrectly disposing of MoD originated material in July 2019, which led to the personnel and health data of two former employees being accidently disclosed. Another occurred when a recorded delivery package containing the claims for forms of five individuals was lost in transit between two stations in February 2020. A third example revolved around a whistleblowing report that had not been properly anonymized.
Commenting on the figures, Tim Sadler, CEO at Tessian, said: “Time and time again we see how simple incidents of human error can compromise data security and damage reputation. The thing is that mistakes are always going to happen. So, as organizations give their staff more data to handle and make employees responsible for the safety of more sensitive information, they must find ways to better secure their people.
“Education on safe data practices is a good first step, but business leaders should consider how technology can provide another layer of protection and help people to make smarter security decisions, in order to stop mistakes turning into breaches.”
The data is likely to add to fears over the vulnerability of public sector organizations to data breaches, particularly since the shift to remote working during COVID-19.
In December, Parliament Street reported that the Ministry of Justice (MoJ) had suffered 17 serious data breaches during the last financial year.