Three-quarters of data breaches recorded by charities last year were accidental rather than the result of a malicious attack, new figures show.
Analysis by the law firm JMW Solicitors of data published by the Information Commissioner’s Office over the past year found that there were 447 data breaches involving charities in the year to the end of March.
Of those, 76 per cent were due to “administrative error” or mistakes by the charities in question, with only 24 per cent being “cyber security incidents”.
Among the errors reported, 90 were cases in which electronic devices or documents containing personal data were either lost, stolen or left in an unsecure location, while a further 75 cases involved data being sent to the wrong person by post, email or fax.
Laura Wilkinson, associate solicitor at JMW Solicitors, said the figures indicated that some charities were not fully aware of their responsibilities under the General Data Protection Regulation, the stringent data protection rules that were introduced in 2018.
“Ensuring that personal data is properly protected is a legal obligation, not just an administrative courtesy,” she said.
“However, it would appear that many charities are still struggling to come to terms with their responsibilities under the GDPR and the Data Protection Act.”
Wilkinson said it was impossible to say whether the breaches were caused by charities failing to concentrate sufficiently on data now that the GDPR was no longer in the news.
“Whatever the reason, failing to follow the rules can undermine public trust in charities, which is a critical factor for organisations that rely so heavily on people’s goodwill and support,” she said.