Reports of data protection breaches up by 50% in 2021

In 2021, the Office of the Ombudsman registered an increase of more than 50% in the number of data breaches reported by members of the public.

Those reports included claims that personal data had either been accessed, lost, altered or disclosed in an unlawful or unauthorised manner, a statement from the office said, as officials released the statistic on the occasion of International Data Protection Day on Friday.

Deputy Ombudsman (Information Rights) Jan Liebaers, in response to Cayman Compass queries Friday, shared that the office is in the process of completing its annual report for 2021 to table in Parliament.

In total, the ombudsman found that, in addition to the increase in reports, there was also a rise in the number of confirmed breaches – just over 100 in 2021, compared to 65 in 2020.

Additionally, there were four formal data protection enforcement orders issued last year, versus one in 2020.

“The same trends are true for data protection complaints and inquiries as well.  Of course, this is only the second full year of the DP Act being in effect, so this is to be expected,” he added via email.

According to the statement, the office also saw a 15% increase in data protection queries from the public during 2021.

It stressed that data protection legislation is “more crucial to privacy and information rights than ever, given the onset of the Omicron variant of the COVID-19 virus”.

“Our office has released public guidance within the past year on data protection issues related to employees’ COVID vaccination data,” Liebaers said in the statement.

The Office of the Ombudsman, which oversees and enforces the Data Protection Act, reminded that individuals have the right to  complain  to  the Ombudsman if they believe their data is not being processed in compliance with the Act.

“Letting individuals know about their data rights and investigating complaints and data breaches is now the single busiest area within our office – particularly as more day-to-day commerce and public interactions have moved online in the wake of COVID shutdowns and work-from-home solutions,” Liebaers said.

The Data Protection Act, the statement said, contains important rights for individuals, including the right to be informed about how personal data is being used.

“Individuals also have the right to request corrections to inaccurate personal data, to object to direct marketing and to request access to their personal data. The Act also sets rules for the use of personal data by public and private sector organizations based on eight core data protection principles. Those cover fairness, adequacy, retention and security of personal data processing, among other requirements,” it added.