What is a personal data breach?

The GDPR (General Data Protection Regulation), in Article 4(12), defines a personal data breach as a “breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”. In broad terms, it’s a security incident that affects the confidentiality, integrity or availability of personal data.

Personal data breaches include:

  • Access by an unauthorised third party;
  • Deliberate or accidental action (or inaction) by a controller or processor;
  • Sending personal data to an incorrect recipient;
  • Computing devices containing personal data being lost or stolen;
  • Alteration of personal data without permission; and
  • Loss of availability of personal data.

Seven types of data breaches you need to know about

1. Cyber attack/criminal hacker
A cyber attack is a malicious and deliberate attempt to damage or disrupt a computer system or obtain the information stored on it. Cyber attacks can come in different forms, such as malware and password attacks. It’s often difficult to detect that an attack has taken place, as criminals use sophisticated techniques to gain access to your system.

2. Employee error
Common errors include sending the wrong document in an email or sending an email to the wrong person. Employees need to understand the most important elements of information security, and be made familiar with your security awareness policies and procedures.

3. Unauthorised access
Access controls are designed to stop certain information from being seen by the wrong people. A breach of these controls means that someone has gained unauthorised access to sensitive data.

4. Physical theft/exposure
Your organisation must consider physical exposure in its security plans. This type of data breach can be caused by improper disposal of sensitive information, or leaving a confidential document in plain sight.

5. Insider threat
Your employees know how your organisation operates, how vital information can be accessed and the measures in place to protect it. An insider threat can be malicious or simply careless, which is why you should put in place appropriate training and security protocols.

6. Ransomware
Ransomware is a type of malicious program that encrypts or otherwise locks the data on a computer system and then demands payment, usually in exchange for the decryption key. Even if your organisation decides to pay the ransom, there’s no guarantee you will regain access to your data, and the attackers may already have copied it before encrypting it.

7. Phishing
Phishing is one of the most common types of cyber attack. Every year hundreds of millions of phishing emails are sent, and you’ve almost certainly been targeted. They try to encourage you to click an unsafe link or download a malicious attachment in order to gain access to your personal information.

How e-learning can help

If you’d like to know more about creating a cyber security culture in the workplace, view our range of staff awareness training courses.
