The office received 410 data security breach notifications from 123 organizations in 2010, compared with 119 notifications from 86 organizations in 2009. The office attributed the marked increase in data security breaches to a new code of practice for reporting data breaches published in July of last year.
“The key focus of the code is on informing data subjects of a breach so that they can consider the consequences for each of them individually and take appropriate measures to protect themselves. It also requires reporting to our office in most cases, the main exception being where the data has been made inaccessible in practice through use of strong encryption”, the report explained.
The number of reported data security breaches reached a monthly high of close to 100 in November, but the number dropped precipitously in December to around 40.
Most of the notifications came from organizations in the financial and medical fields, due to higher standards of transparency required by the code in those sectors.
Noteworthy data security breach incidents that took place in 2010 included the compromise of the Gaelic Athletic Association database, which contained the names and addresses of 500,000 members, in addition to birth dates, mobile phone numbers, landline numbers and email addresses for thousands of members.
Another data breach involved unlawful access to Ireland’s Department of Social Protection data by an employee, who provided records “on a very large scale” to private investigators. The Irish police are investigating the incident, the report noted.