![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
David Smith, deputy commissioner and director of data protection at the UK Information Commissioner’s Office (ICO), has said that organisations reporting their data security breaches may find themselves subject to regulatory action, but “…those that try to cover up breaches which we subsequently become aware of are likely to face tougher regulatory sanctions.” Though it is not a legal requirement to report data breaches, more than 800 organisations have reported breaches to the ICO in the past two years.
According to the ICO, organisations can minimise the risks of security breaches involving personal information by ensuring that all portable media devices containing personal information are encrypted. Staff must be adequately trained and organisations should give proper consideration to restricting staff from downloading large volumes of data onto memory sticks and other portable devices.
