Data leaks are still common. Who is responsible for this? We asked about this in an opinion poll: you can find the answer here.
Biggest cause of data leaks: Human errors
Last Updated on: 2/2/21
The General Data Protection Regulation (GDPR) has been in force across the European Union for over two years. The introduction of this law brought a number of changes. For example, organizations were given more responsibilities, people were given more privacy rights, and failing to comply with the law can result in high fines. In addition, organizations are obliged to report in time if a data leak has occurred. This last obligation in particular has caused a significant increase in the number of reported data leaks.
More than 281,000 personal data leaks were notified by organizations from May 25th 2018 to January 27th 2021, according to DLA Piper. Germany, the Netherlands and the United Kingdom had the most reported data leaks, with 77,747, 66,527 and 30,536 respectively.
Source: DLA Piper
The biggest cause of data leaks is surprising: it's human error. Keep on reading if you'd like to learn more about this.
Human error causes most data leaks
Anyone who thinks of data leaks mostly thinks of cybercriminals: attacks from external parties that are focused on intercepting your sensitive data. But think again. In the Netherlands, for example, a report by the AP (the Dutch Data Protection Authority) shows that a vast majority of data leaks (66%) are caused by human error, i.e. sending personal / privacy-sensitive data to the wrong recipient. This compares with the 30% caused by hacking, malware and / or phishing.
An example of a data leak:
Ellen is about to send an email. Privacy-sensitive information is included in both the message and the attachments. The message is intended for Mathew, the accountant who has requested specific information. In the "to" field, Ellen starts typing the name, and when she reaches "Mat.." she presses Enter. Ellen thinks that the email program has automatically added the name Mathew, with the corresponding email address of the accountant.
But this wasn't quite the case. The email was sent to another Mathew, from an external party with whom she has regular email contact. He has now received all data that was not intended for him.
Such mistakes are often made due to a lack of awareness. And that's a shame, because the consequences afterwards can be immense. The GDPR has two categories of violations with corresponding fines. In both cases, these are substantial amounts: it can be max. 20 million euros or 2-4% of the annual worldwide turnover. That is something no organization wants, not to mention the damage suffered by those involved.
According to DLA Piper's latest annual General Data Protection Regulation (GDPR) fines and data breach report, covering the 27 European Union Member States plus the UK, Norway, Iceland and Liechtenstein, a total of EUR272.5 million (about USD332.4 million / GBP245.3 million) of fines have been imposed since the introduction of the GDPR.
Imagine: what consequences would it have for your organization if privacy-sensitive information falls into the wrong hands?
Awareness is key to minimizing data leaks
Nobody can promise that you will be free of data leaks. An accident can happen anytime. However, you can minimize the chance of a data leak by increasing awareness. Those who share privacy-sensitive information will have to be alert and prevent this information from reaching the wrong person. How exactly do you do this?
Tips to prevent data leaks
1) Use a secure email provider.
2) Make use of the right techniques that support awareness.
We have two golden tips for you, so you can always email securely:
1) Use a secure email provider. By choosing the right email solution, you can send and receive messages securely, so privacy-sensitive information remains protected. A solution that allows you to block messages after sending lets you correct an error you made.
2) Make use of the right functionalities that support awareness. If data still ends up with the wrong recipient too often, it is necessary to review the current process or the secure email provider. Is it possible to check whether the correct recipient has been selected before sending? This way you reduce the chance that the wrong recipient will receive your email.
Keeping your data secure is not difficult: you just need to know what to focus on.