Data protection failures can affect companies of all sizes and in all industries.

5 data protection errors your business could be making

Data protection failures can affect companies of all sizes and in all industries. Looking at the financial sector as an example, a recent study from Egress Software Technologies revealed a worrying 183 per cent rise in reported Data Protection Act (DPA) breach investigations over the last two years, with 585 incidents reported in 2014 alone.

Given the scale of the problem and the vast range of businesses at risk of suffering such a breach, it is clear that many organisations either do not fully understand their data protection responsibilities, or struggle to implement measures to avoid them occurring. With that in mind, here are some of the most common errors businesses make when it comes to protecting their data:

Loss or theft of paperwork

Arguably the simplest of all data protection breaches, loss or theft of paperwork was also the most common issue reported to the Information Commissioner's Office (ICO) in the first three months of 2015, with 120 separate incidents recorded over the quarter.

When data is lost or stolen, the affected company will naturally consider whether there is any way it can be recovered. Herein lies the problem: whereas digital information could potentially be accessed and secured remotely, there is generally little that can be done to recover lost or stolen paperwork, beyond searching for it or appealing for its return.

Failure to fulfil principle 7 of the DPA

Under principle 7 of the DPA, businesses must take "appropriate technical and organisational measures" against any unauthorised or unlawful processing of personal data, and also against the accidental loss, destruction or damage of this information.

The ICO's figures indicate that organisations are regularly failing to take these steps, with a total of 394 breaches categorised as "other principle 7 failure" reported in the 12 months to March 2015.

Data sent to the wrong recipient

Another simple mistake that is hard to guard against. Throughout 2014-15, the ICO received reports of 324 occasions when information was posted or faxed to the wrong person, while a further 207 incidents saw data emailed to the incorrect recipient.

This highlights the extent to which employee error is placing potentially sensitive information at risk. The ICO's latest figures reveal that a staggering 93 per cent of all data breach incidents are related to human error of some kind.

While it is easy to blame these all-too-frequent occurrences on disgruntled staff leaking data for personal gain, the reality is that this only accounts for a relatively small proportion of leaks. In the majority of cases, employees are simply careless or unclear about the rules they have to follow, often due to a lack of proper training.

Insecure webpages

When it comes to data protection, a lack of website security is a major concern. A recent survey carried out by the UK government and PwC discovered that 90 per cent of large businesses and 74 per cent of small and medium-sized enterprises have suffered an information security breach of some description, highlighting the severity of this issue. It also warned that attacks from outsiders are becoming increasingly common, with more reported incidents from businesses of all sizes.

The 2014-15 business year saw 111 data breach reports related to insecure webpages, peaking in the final quarter, when 41 incidents of this type were reported.

Loss or theft of unencrypted devices

Of course, people make mistakes, and there is no way for a business to completely eradicate the loss or theft of devices containing sensitive information.

The real concern here is the fact that so many unencrypted devices are potentially falling into the wrong hands. Indeed, an average of 28 unencrypted devices are lost or stolen every quarter, according to the ICO's figures.

If your employees need to take devices out of the workplace, the sensible lesson here is to ensure they are encrypted, therefore reducing the impact of any theft or loss.

← view more blog posts