Staff in large enterprises send 136 emails per week to the wrong person, according to new data from Tessian released to coincide with today’s Data Protection Day.
The annual event was launched 13 years ago by the Council of Europe to recognize the date in 1981 that signatures were invited for Convention 108, the first legally binding international treaty on data protection.
However, despite the introduction of the GDPR nearly two years ago and the filing of over 160,000 breach notifications in the intervening period, poor data protection practices still appear to be rife.
Analyzing data from its global network of clients, Tessian claimed that corporate data is sent to unauthorized or personal email accounts nearly 200,000 times a year, for enterprises of 10,000 employees and up.
For large businesses of 1000 employees, the figure is nearly 20,000, while it drops again to around 5000 for SMBs.
Tessian CEO, Tim Sadler, claimed that human error is still the leading cause of breaches today — whether staff are deliberately breaking the rules or simply being negligent.
“Everyone has an email blunder story. After all, the average worker spends over a third of their working-week on email, so mistakes are bound to happen. But we’re seeing serious repercussions beyond just embarrassment over cc-ing the wrong person – more people are exposing personal and corporate data,” he added.
“These mistakes could see your data falling into the wrong hands and your company facing the regulator’s wrath under GDPR.”
Also known as Data Privacy Day in the US and elsewhere, the event is an opportunity to raise awareness among consumers and businesses of their respective online rights and responsibilities regarding data protection.
The GDPR has already done much to promote these within the EU and beyond, the European Commission claimed in a statement issued to mark the occasion.
“According to Eurobarometer results, the highest levels of awareness among citizens are recorded for the right to access their own data (65%), the right to correct the data if they are wrong (61%), the right to object to receiving direct marketing (59%) and the right to have their own data deleted (57%),” it revealed.
“Our priority and that of everyone involved should be to foster a harmonized and consistent implementation of data protection rules throughout the EU.”
However, the legislation remains a work in progress, according to Dob Todorov, CEO of HeleCloud.
“In truth, a chasm exists between the legal language used and the IT implementation needed to support it. And, while this chasm exists, some businesses will fail to meet the data protection standards that this regulation promotes — either accidentally or through the abuse of the grey areas,” he argued.
“As regulators look to hand out more fines, they should also focus on providing pragmatic and clear guidance at a technical level, without discriminating against current or future technologies.”