- Information Commissioner urges people to “stop the negative ripple effect” and improve data protection for people in vulnerable situations
- Commissioner called for “empathy and action” when working with vulnerable people who have experienced a data breach
- New figures reveal nearly 30 million people have had data lost or stolen, with 30% experiencing emotional distress
Information Commissioner John Edwards has today urged organisations across the country to recognise the real-world impact of data breaches - and the devastating effects they can have on people’s lives.
Figures revealed by the Information Commissioner’s Office show nearly 30 million people in the UK have experienced a data breach. In total, 55% of UK adults reported having had their data lost or stolen, with 30% of them experiencing emotional distress as a result. Yet 25% said they received no support from the organisations responsible and 32% found out through the media rather than from the organisation itself.
Qualitative research conducted by the ICO also revealed experiences of people having to move homes, feeling forced out of their jobs and facing discrimination as a result of data breaches they had experienced. People told the ICO they felt the real impact on their life was insufficiently recognised by the organisation responsible.
In an article published alongside the figures, John Edwards said people in vulnerable situations - such as survivors of domestic abuse and those living with long-term health conditions- are often disproportionately affected by such breaches. These people may already be in precarious situations, and the unauthorised disclosure of their personal data can heighten the risks they face.
“There are two important things I need organisations to understand: empathy and action. You have a role to stop the negative ripple effect in someone’s life from spreading further. It is vitally important to acknowledge what has happened, be human in your response and commit to making sure it doesn’t happen again.
“We trust organisations with some of the most sensitive personal information imaginable, yet these data breaches continue to happen. This is not just an admin error – it is about people. When data is mishandled, it can have serious and long-lasting consequences, particularly for people in vulnerable situations. We need organisations across the country to do better.”
- John Edwards, Information Commissioner
Adam Freedman, Policy, Research & Influencing Manager at National AIDS Trust, who worked with the ICO on ensuring that the harms of personal HIV data breaches are recognised and understood said:
“The stigma and discrimination experienced by people living with HIV is compounded by the additional distress caused by unlawful data breaches. We welcome the new guidance provided by the ICO and urge organisations to consider the very real human impact of mishandling someone’s personal information.”
The ICO remains committed to working alongside organisations to help them improve their data protection practices, and has published new guidance to support in this endeavour. We’d love to hear your feedback on our call to action, please take five minutes to complete this survey.
Research was conducted by Savanta on behalf of the ICO. Savanta conducted the survey amongst 5,533 members of the UK public. Fieldwork took place between 11th January and 14th February 2024.