UNICEF data leak- Comment

Egress CEO, Tony Pepper

News breaking that a UNICEF employee had inadvertently revealed the personal details of 8,253 users of its Agora online learning platform, through a piece of unstructured data, has brought the need for organisations to ensure they’re using the right tools for the right job back into focus.

The leak saw the data of users enrolled on courses on childhood immunisation sent to 20,000 users of the educational system towards the end of August. Sensitive data such as names, email addresses, locations, gender, organisation, supervisor names and contract types were revealed.

GDPR has been firmly put back at the top of the boardroom agenda by the hefty fines recently doled out by the ICO to BA and Marriott, reminding organisations that they have a duty of care to protect all clients’ and service users’ data. Recent Egress research supports this approach; 60% of the 4856 personal data breach incidents reported to the ICO in the first six months of 2019 were the result of human error.

Regardless of whether UNICEF is subject to GDPR as a United Nations organisation, data incidents like this highlight the need to ensure that staff can share sensitive data securely when they need to – with policies and technologies forming a ‘safety net’ that reduce the likelihood of human error that puts information at risk. In particular, organisations should invest in more robust risk-based protection tools that work alongside the user, enabling them to work effectively and securely.