The most common way for organisations in Guernsey to find out about a data breach last year was for one of their employees to spot it.

Of the 250 personal data breaches reported last year, 80 were discovered by employees, according to the Office of the Data Protection Authority.

A further 58 were spotted by one of the people or organisations whose data was compromised.

A spokesperson for the ODPA said the data suggested “improved awareness” from people handling personal data about the risks involved.

The spokesperson said the news was “cause for encouragement” as detecting breaches internally could “reduce harm” and speed up resolution times.

Email issues

The ODPA said emails sent to the wrong person were the most common type of breach reported.

On top of this, several breaches in the last part of 2025 were down to people using personal email accounts to send or receive work-related information.

A person types on a laptop while digital graphics of email icons, a green security shield, and red warning symbols appear above the keyboard, representing phishing threats and secure email protection.
Pictured: Using personal email for work can “blur the lines” between your job and your personal life, the ODPA said.

The spokesperson said this caused several problems, as it meant emails were outside the “usual security policies” so “information could easily fall into the wrong hands”.

Using personal email for work could also “blur the boundaries” between people’s personal life and job.

The ODPA said companies could check its online cybersecurity checklist as well as advice for handling data breaches.