Data breaches increase by 40%
THE number of data breaches reported in Jersey has risen by 40% in the past year, according to new figures.
In his annual report, Information Commissioner Jay Fedorak revealed that 256 have been assessed and evaluated with 54 outstanding.
Mr Fedorak said that increased regulations brought into force last year will have led, in part, to the rise. He said: ‘With the new laws instituted in 2018, our enquiries, breaches and complaints increased by 300%.
‘Growth continued in 2019 with respect to complaints and data breaches, albeit at the slower pace of an increase of 40%.
‘We also investigated our first major breach. It involved a forensic examination of an IT system and required us to exercise our powers to compel production of evidence. The result involved the JDPA issuing its first public statement.
‘Our growth has required increased funding and expanded working space. Our largest and most important project in 2019 was developing a new fee and registration model.
‘We wanted to ensure that the new system would produce the right amount of funding that reflected data risk and ability to pay.
‘We also wanted to improve the registration system to make registering easier and quicker.’
The major breach related to recruitment firm CSS Ltd, which committed three breaches, including loss of systems caused by a virus, loss of system integrity, and the system being accessed by a third party.
It was accessed by a hostile external third party and led to loss of information on families, employment and identity.
The report also highlights that where complaints are made and are investigated, the body tries to resolve the issues rather than taking action.
In 2019, the Jersey Data Protection Authority did not issue any enforcement notices. Mr Fedorak said: ‘At the close of 2019, we had 54 active complaints, with just over a quarter of complaints requiring ‘no further action’.
‘No further action means that JOIC’s investigation concludes that we were satisfied with the actions taken by the organisation involved to resolve the complaint.
‘We are pleased to note that 35 of the complaints resulted in positive outcomes involving business improvements to processes and procedures to protect personal information.’
Sorry, we are not accepting comments on this article.