The UK Home Office - the government department responsible for UK security, immigration and law enforcement - has revealed that it recorded 9,205 personal data incidents during the last year.
This means that, in just one year, the number of such incidents almost doubled - from 4,984 in the financial year 2020-21, to 9,205 in 2021-22.
A 418% increase in data incidents due to losses outside of government premises
The Annual Report and Accounts 2021-22 of the Home Office revealed that the government body experienced more than 9,000 personal data incidents from April 2021 to March 2022.
Of these, 13 had to be formally reported to the Information Commissioner’s Office (ICO) directly. Seven out of these 13 were classified as unauthorised disclosures of information, and one was a device or paper document lost, somewhere outside of secure government premises.
In fact, out of the remaining 9,192 personal data incidents (which were not reported to the ICO) 5,959 were incidents where devices and documents were lost outside of government premises. In comparison, in 2020-21 just 1,150 incidents fell into that category, meaning there has been a 418% rise in such incidents.
But, there has been improvement in a number of areas. For instance, in 2021-22, 1,826 of the total personal data incidents were unauthorised disclosures of information. In 2020-21, however, this number was significantly higher, at 2,229.
Commenting on this report, the Home Office stated that it “has continued to improve both awareness and education around the identification of personal data related incidents and this has led to the increase in reported incidents across all categories.”
“This represents a move towards a more robust level of assurance as confidence in positive behaviours around incident handling grows.”
“This is a key stage in becoming a more mature organisation in this aspect, where the number of incidents reported is not viewed in isolation but considered against the vast quantity of data handling instances undertaken throughout the organisation, on a daily basis.
“Every data incident reported within the business undergoes analysis, followed by a decision around the need for further action.”