{"id":985,"date":"2022-06-30T13:29:50","date_gmt":"2022-06-30T13:29:50","guid":{"rendered":"https:\/\/test.thesmsworks.co.uk\/blog\/?p=985"},"modified":"2022-09-09T15:37:31","modified_gmt":"2022-09-09T15:37:31","slug":"ico-data-incidents","status":"publish","type":"post","link":"https:\/\/thesmsworks.co.uk\/blog\/ico-data-incidents\/","title":{"rendered":"ICO Reports 564 internal data incidents since April 2015"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

ICO Reports 564 internal data incidents since April 2015<\/h1>\n\n

The ICO (Information Commissioner’s Office<\/a><\/strong>) is the UK government regulator responsible for policing and overseeing how personal data is handled and protected under GDPR.<\/p>\n\n

Even though the UK has left the EU the rules under GDPR remain broadly the same.<\/p>\n\n

Over the past few years they\u2019ve been responsible for handing out massive fines to companies that have failed to look after\u00a0personal data.<\/p>\n\n

Along with each fine they usually release a statement emphasising the consequences of incorrect or inadequate protection of personal data that organisations handle.<\/p>\n\n

When the\u00a0ICO fined TicketMaster\u00a0\u00a31.25 million\u00a0for a large leak of customer information in November 2020, James Dipple-Johnstone, Deputy Commissioner said:<\/p>\n\n

So we wanted to probe the ICO to discover whether they themselves are compliant with the very rules that they are there to enforce.<\/p>\n\n

The SMS Works sent a freedom of information request in early Nov 2021 to to ask whether there had been any internal data incidents over the past few years<\/p>\n\n

In early Feb 2022, the ICO responded to the request. (Somewhat outside of their 30 day target response time.)<\/p>\n\n

The ICO revealed the following,<\/p>\n\n

Since April 2015, the ICO reported an astonishing\u00a0564 internal data incidents<\/strong>\u00a0that were deemed by the organisation as serious enough for them to record. That’s an incident of some sort every 3.2 working days.<\/p>\n\n

When asked for more detail on the incidents they responded,<\/p>\n\n

\n

\u2018The vast majority of incidents involve accidental disclosure to a single
known recipient. For example, where a customer\u2019s data protection
concern is emailed to the wrong data controller.\u2019<\/strong><\/em><\/p>\n<\/blockquote>\n\n

Examples of these low severity types of incidents were provided as follows.<\/p>\n\n

We also asked for details on all the medium and high severity incidents that did not fall into the categories above.<\/p>\n\n

A large range of medium severity incidents were reported and internally recorded, covering a broad range of errors, mishaps and careless procedures. These included the following –\u00a0<\/p>\n\n

Unauthorised access to employees’ personal data by third party client of ICO’s payroll provider<\/strong><\/p>\n\n

Sensitive personal data emailed to third party individual in error.<\/strong><\/p>\n\n

Misaddressed correspondence<\/strong><\/p>\n\n

Misaddressed annual pension statements as a result of process failure by payroll provider.<\/strong><\/p>\n\n

Storage media sent off-site for repair with data<\/strong><\/p>\n\n

Notebook lost in transit<\/strong><\/p>\n\n

Wrong file sent to recipient<\/strong><\/p>\n\n

Data exposed on shared device<\/strong><\/p>\n\n

Incorrect permissions<\/strong><\/p>\n\n

Business email compromise attack<\/strong><\/p>\n\n

Data sent to wrong address<\/strong><\/p>\n\n

Data sent in error<\/strong><\/p>\n\n

Data exposed on EDRM<\/strong><\/p>\n\n

Casebook unaccounted for<\/strong><\/p>\n\n

All of these were recorded as medium severity except one which was a \u2018system failure\u2019 in May 2015. This was a high severity incident but The ICO failed to provide any more detail on what happened.<\/p>\n\n

I admire the honesty of the ICO in recording all the data slip-ups that have taken place – all 564 of them. There\u2019s no hint of them trying to cover up or minimise their seriousness.<\/p>\n\n

But I\u2019m alarmed at the sheer volume of mistakes and errors that the ICO is making. It strikes me as sloppy to be making these types of errors on such a massive, almost industrial scale.<\/p>\n\n

Related articles<\/strong><\/p>\n\n

ICO still failing to collect fines as 74% of fines remain unpaid<\/a>\u00a0<\/strong>ICO’s fine collection troubles continue<\/p>\n\n

Guide to opting out of marketing texts<\/strong>\u00a0<\/a>\u00a0Detailed report on the rules for SMS marketing<\/p>\n\n

Is SMS Encrypted?<\/a>\u00a0<\/strong>Is SMS safe\u00a0or could it be hacked?<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

ICO Reports 564 internal data incidents since April 2015 The ICO (Information Commissioner’s Office) is the UK government regulator responsible […]<\/p>\n","protected":false},"author":1,"featured_media":83,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1],"tags":[],"class_list":["post-985","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/thesmsworks.co.uk\/blog\/wp-json\/wp\/v2\/posts\/985","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thesmsworks.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thesmsworks.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thesmsworks.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thesmsworks.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=985"}],"version-history":[{"count":0,"href":"https:\/\/thesmsworks.co.uk\/blog\/wp-json\/wp\/v2\/posts\/985\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thesmsworks.co.uk\/blog\/wp-json\/wp\/v2\/media\/83"}],"wp:attachment":[{"href":"https:\/\/thesmsworks.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=985"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thesmsworks.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=985"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thesmsworks.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=985"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}