The number of data breaches reported to the Information Commissioner’s Office (ICO) in the first quarter of 2016 was 448, an increase on the same period in 2015 and 2014, when 423 and 445 incidents were reported respectively.
The data was revealed by the ICO after a Freedom of Information request by Egress Software. The data shows that, despite numerous fines and warnings about data protection, many organisations fail to take the issue seriously.
The courts and justice sector saw a huge 500 per cent increase in data loss incidents from three in 2014 to 18 in 2016.
Another poor performer was the insurance sector, which reported 25 breaches in Q1 2016 compared with five in 2015 and six in 2014.
The worst performer in terms of the number of breaches is the healthcare sector with 184 incidents in the first quarter of 2016 alone, up from 171 in 2015 and 163 in 2014.
This comes despite huge fines handed out to healthcare institutions, including a recent £180,000 fine after Chelsea and Westminster Hospital NHS Foundation Trust exposed the email addresses of 780 HIV patients.
The cause of breaches continues to vary wildly, although most have an element of human failure, such as lost paperwork, post or emails being sent to the wrong recipients or uploaded to websites by mistake, or insecure disposal of hardware.
Hacking incidents also remain a major problem. There were 39 reported to the ICO in the first three months of 2016 compared with 41 in 2015.
Egress CEO Tony Pepper explained that organisations still don't take data protection seriously enough and fail to put adequate training and mitigation methods in place.
“Clearly at a board level, mistakes continue to be made as priorities aren’t balanced, leaving companies exposed,” he said.
“The fact that so many breaches are caused by methods of working that are known data breach pitfalls, such as faxing and posting sensitive information, or using plaintext email, should be a major concern for all organisations.”
Pepper added that this lack of focus on data protection is especially worrying given that the new General Data Protection Regulation (GDPR) will increase the burden on firms to ensure data is adequately protected, or risk even bigger fines and lost business.
"Corporate organisations are already increasingly coming under the spotlight following several high-profile breaches of consumer data over the last 12 months, and the GDPR will only amplify this," he said.
"Additionally, as individuals become more aware of the data these companies hold, and the measures they put in place when processing and sharing it, they will inevitably also put pressure on organisations to better protect their data, or they will simply take their custom elsewhere."
Even if the UK leaves the European Union after the referendum, firms in the UK will still have to abide by the GDPR, meaning that its impact cannot be ignored.