What is a data breach?

Generally speaking, a data breach is said to have occurred when sensitive, confidential, or protected information is shared and/or viewed without permission, either by an unknown person or by a third party who does not have the relevant authorisation to do so.

Many businesses around Ireland collect information about their employees, clients, patients, or users. This can include contact information, bank details, biometrics, and/or passport numbers. Businesses and organisations are legally entitled to collect this data, provided that they fulfil their obligations under the EU General Data Protection Regulation (GDPR) to ensure that it is safe and protected. These regulations are applicable to all businesses that handle the personal data of an EU citizen, regardless of whether the business is based in Europe or not.

However, the unfortunate reality is that many businesses in Ireland do not have the appropriate steps or processes in place to safeguard such data against theft by third parties. Once a person’s personal data is stolen, it can be shared, viewed, and accessed from anywhere in the world, leaving that person and their life open to the potentially devastating consequences of theft or identity fraud.

How do data breaches happen?

Data breaches occur for a variety of reasons. Oftentimes, it is simply down to human error. It could be that an employee accesses a colleague’s computer using login information that is not their own, or that sensitive information is unwittingly shared in an email to an unauthorised party. Other causes include misplaced devices, viruses, phishing scams, or sensitive information being left in an unlocked area that is easily accessible.

So how can a data breach be prevented?

According to the Data Protection Commission’s (DPC) annual report for 2021, last year saw a total of 6,549 valid data breaches reported to the DPC, representing a 2% decrease on the numbers reported in 2020. These figures are a stark reminder of the importance of ensuring that your business is compliant with GDPR regulations and has the appropriate protections in place to mitigate the risk of data breaches.

At a minimum, data breaches can be prevented by implementing security software and protocols that are updated regularly. It is imperative that these protocols are end-to-end encrypted, meaning that third parties are prevented from accessing data while it is being transferred from one end system or device to another. Other measures can include educating employees on best practices when handling sensitive information, applying multi-factor authentication, and continually monitoring systems to identify any potential hacks or attempts to steal data.

If you’re unsure, contact a solicitor

Of course, not every organisation or business owner will have the knowledge or skills to set up such substantial security features against digital threats by themselves. In this case, it is strongly recommended that you speak with an accredited GDPR solicitor who will tailor a custom data protection plan to suit the needs of you, your business, and your employees. Not only will this help to mitigate the risk of data breaches, it will also help to guarantee that your business is conforming to its obligations under GDPR regulations.

*In contentious business, a solicitor may not calculate fees or other charges as a percentage or proportion of any award or settlement.*