ICO: ‘Organizations don’t fully recognize impact of data breaches’

Businesses and organizations aren’t aware of the devastating effects a data breach can have on people’s lives. They should show more empathy and do more to prevent these accidents from happening.

“Such breaches can lead to stigma, fear, discrimination, or even physical danger. For those in already difficult circumstances, the effects can be devastating and life-altering,” Information Officer John Edwards says in a blog.

The Information Commissioner’s Office (ICO) receives too many complaints from people who were affected by a data breach but don’t feel themselves being heard or taken seriously by the organization responsible.

A new study reveals that nearly 30 million people in the United Kingdom have had data lost or stolen. A total of 30 percent of the victims report emotional distress, but yet a quarter (25 percent) doesn’t get any support from the organization that suffered a data breach. Approximately a third of the victims (32 percent) have to find out through the media their information has been stolen instead of the organization itself.

According to Edwards, these numbers show that too many organizations don’t fully comprehend the harm they cause when personal data is being mishandled. That’s why he’s calling out businesses and organizations to do better.

“To many organizations, a data breach might seem like a temporary setback, something that can be patched up with technical fixes and compliance reviews. But from the perspective of individuals -especially those in vulnerable situations- a breach can have a far-reaching ripple effect that disrupts their lives in ways that some may not fully appreciate,” he states.

The Information Commissioner feels that organizations responsible for a data breach should show more empathy and commit to more action. They should be ‘more human’ in their reaction towards victims and make sure it doesn’t happen again.

“At the ICO, we are committed to protecting individuals, especially those who are most at risk of harm from data breaches. But this cannot be done alone. We need organizations to step up, to do better, and to recognize the critical importance of data protection in safeguarding people’s lives,” Edwards concludes.

Adam Freedman, Policy, Research & Influencing Manager at National AIDS Trust, who worked with the ICO on ensuring that the harms of personal HIV data breaches are recognized and understood, fully agrees with Edwards and points out that a data breach should not be treated like a technical error.

“The stigma and discrimination experienced by people living with HIV is compounded by the additional distress caused by unlawful data breaches. We welcome the new guidance provided by the ICO and urge organizations to consider the very real human impact of mishandling someone’s personal information,” he says in a statement.