The Office of the Data Protection Authority (ODPA) says almost 5,000 people were impacted by data breaches between the start of October and end of December.

That is significantly higher than the number of people impacted during the previous quarter (2,837), but fewer people were affected by ‘high risk’ breaches at 187, down from 517.

Recent incidents included an employee dropping a USB drive containing personal data. It fell out of their pocket and was picked up by a member of the public, and then reported to the authority. 

“Fortunately, the information stored on the device was deemed low risk to any individuals identifiable,” said the ODPA.

“Nonetheless, this serves as an important reminder that where the use of external storage media is considered necessary, the device should be appropriately encrypted and password protected to minimise the risk of unauthorised access.”

How do the stats compare to a year ago?

Q4 2024 saw an overall decrease in the number of breaches compared to Q4 2023, but the amount of people affected in 2024 was much higher, said the ODPA.

The 2023 breach data was largely impacted by one big incident, while 2024 data reflected more consistent smaller breaches.

There were 39 reported breaches in Q4 2023, down to 33 breaches a year later.

In Q4 2023, 1,115 people were affected by breaches, much lower than the almost 5,000 impacted in the same period for 2024.

Who’s reporting the breaches?

The most common reporting method seems to be through a company’s employees.

Out of the 33 breaches reported in Q4 2024, 14 were reported by staff, and not through an audit.

10 were found through “other” methods, five from unconnected third parties, and four from being notified by a “data subject”. 

Who’s impacted? 

The vast majority of those impacted in self-reported breaches are customers, followed by people who are contacts, then patients. Students, Staff, Volunteers and service users are next, followed by vulnerable patients. 

What are the impacts of data losses?

The list is long, but Guernsey has avoided some of the worse possible impacts of breach of data, says the ODPA.

The most common was loss of confidentiality, followed by Personal Data Control. Damage to reputation and emotional distress are the next most common, followed by identity theft, financial loss, and fraud. 

There were no reported incidents of unauthorised pseudonym reversal, physical harm, limitation of rights, or discrimination as a result of a data breach. 

If you’d like to know more about reporting a data breach, and the statistics provided by the ODPA, you can visit their website HERE.