Human errors are the most common threats to exposing a person’s personal information to data breaches according to an analysis of reported data breaches by Rapid7, a security intelligence company. Rapid7 compiled the data breach information for the report based on the number of reported public information data breaches from January 2009 to May 2012 in the Chronology of Data Breaches maintained by the Privacy Rights Clearinghouse, a nonprofit privacy advocacy group.
The data breach statistics from the report totaled 268 incidents affecting 94 million people. The biggest factor responsible for the largest number of breaches of data was unintended disclosure due to negligence and clerical errors. 78 incidents led to exposing almost 12 million records of private information. The next highest number was 51 incidents due to the loss of a portable data storage device which resulted in breaching almost 82 million personal records. Hacking was low on the list, adding up to 40 incidents exposing about 1 million records.
What can be done about this alarming problem?
Security experts advise implementing nationally mandated data breach protection protocols and developing effective breach response programs in conjunction with cyber security training for employees who handle sensitive public data. Employing technology such as encryption is another method to counter human error since it is inexpensive, simple to administer and highly effective in protecting data. Using management software that can track and monitor which devices are being used, monitor downloaded data and has the ability to remotely wipe the memories of lost or stolen devices is another data protection tool.
Some experts even go so far as to suggest that all these initiatives need to be backed by a law that punishes workers who fail to follow these protocols with either firing them from their jobs or jail time, depending on the severity of the data breach. The bottom line is that protecting the public’s most private information is serious business and those who are entrusted with such sensitive information need to recognize that they have a responsibility to protect the public’s privacy. And in turn, it’s a responsibility that we, the people must ensure that they take seriously.