In the first quarter of 2015/16 there were 391 new data security incidents reported to the Information Commission Office according to their website (https://ico.org.uk/action-weve-taken/data-security-incident-trends/).
That constitutes an average of 130 incidents each month where information has been lost, stolen, compromised or inadvertently sent to the wrong recipient (31.5% of these cases related to information being given or sent to incorrect addresses and/or recipients). Is this simply down to bad luck?
What can be done to help public bodies reduce the number of incidents? Perhaps security protocols are not working as intended (e.g. too lenient or too difficult to follow and therefore, being ignored) or maybe these relate to processes.
I would be interested in hearing from anyone involved in data protection and security of personal data with their views on this subject.