Good response to data law change, says ODPC
LOCAL BUSINESSES are responding well to higher data protection standards a month on from new legislation being introduced.
Since the law changed on 25 May, seven reports of data breaches – all at the lowest level – have been received by the Office of the Data Protection Commissioner.
The new law makes it mandatory for local organisations to report a data breach within 72 hours of becoming aware of it.
Data protection commissioner Emma Martins, pictured, said this low number of breaches was an indication of how well Bailiwick businesses had responded to the higher standards required of them under the new legislation.
The breach reporting obligation exists to ensure organisations recognise the importance of compliance and invest in systems that provide maximum protection for what is probably the most valuable asset held – personal data.
‘The breach reports we have received predominantly relate to organisations unintentionally sending personal data to the wrong recipient, for example, by software auto-completing an email address and the user not checking before they send the email,’ she said.
‘We categorise each breach we receive depending on severity – the seven received in the month since the law changed have been ranked as low risk.
‘This means that the breaches are unlikely to cause harm to the person whose data has been disclosed accidentally.’
Mrs Martins added that her team had been encouraged by the preparedness of local businesses, particularly by those which have evidenced an effective data breach response plan.
‘When data protection is done well it builds and maintains trust between organisations and the individuals whose data they hold.
‘It is positive that this trust is being extended to us as the regulator by letting us know when things have not gone to plan.’
The ODPC is also supporting local organisations through the new statutory breach reporting process. ‘The key message for local organisations is that we will work positively and constructively with you in the event of a data breach to improve compliance, for the benefit of everyone,’ said Mrs Martins.
She added: ‘We are grateful for the insight that breach reports provide us as they alert us to issues early and provide invaluable insight into the risk environment.
‘This helps us to target our resources to support better compliance across the Bailiwick.’
The ODPC is working to improve its online breach reporting mechanism and has asked for any comments to be submitted via enquiries@odpc.gg.
