Real-life examples of human error

Data breaches can happen at any time, have multiple causes and vary in scale. Those caused by human error are becoming increasingly common – as Gateshead Council is only too aware, having suffered a shocking 19 breaches in 10 months.

Of these incidents, 2 had to be reported to the ICO (Information Commissioner’s Office). One, in which a patient’s mental health information was accidentally uploaded to an online forum, saw no further action taken by the ICO as the forum was used by healthcare professionals who have a duty of confidentiality. The other, in which a council tax liability schedule sent to a debtor contained the names and addresses of 53 other debtors, is still being reviewed.

The other breaches

  • An educational psychologist’s report was sent to the wrong address. It was retrieved, and the address was updated on the system.
  • An employee lost a notebook containing service user information. The employee retraced their steps and was “provided with advice about secure methods of accessing service user data when off site”.
  • A foster agency received information about a child not in its care. The report was destroyed, a correct record was sent, and staff were reminded to ensure information was only sent to the correct recipients.
  • Two incidents occurred when inaccurate addresses resulted in information on care services being sent to the wrong recipients.
  • Nine separate incidents saw correspondence relating to benefits or council tax sent to the wrong recipients.
  • A resident’s data was shared with their landlord without their permission.

While inaccurate information held on its systems appears to be a persistent problem at Gateshead Council, there are steps employees can take to help prevent breaches, such as double-checking recipients before sending an email.

Reduce risks

It’s vital to educate staff who have access to sensitive data to ensure they know how to handle it appropriately and have a comprehensive understanding of data protection and information security best practices. Often, not enough emphasis is put on employees’ responsibilities; they need to be aware of the consequences of careless behaviour and bad habits.

You can reduce the risk of employee-related information security incidents with staff awareness training. E-learning courses are often a preferred method thanks to their flexible, cost-effective nature, delivering training to multiple users with minimal disruption.

To help you find the right training solution for your organisation, we now offer free, no-obligation trials of all our courses, allowing you to see them in action and decide if they’re right for you.

Our courses cover phishing, misuse of email, information security and cyber security, and the GDPR.
