Guernsey’s Revenue Service has been reprimanded by the Office of the Data Protection Authority (ODPA) for sending personal information to the wrong email address, highlighting the need for stronger data protection practices. An ODPA investigation found that sensitive personal data related to individuals indebted to the Committee for Health and Social Care was sent through an unsecured channel instead of the required secure email platform. This failure exposed private information and undermined confidence in the agency’s data protection efforts. The Revenue Service has since upgraded its secure email platform and ensured its use across the organisation. The ODPA emphasised that security safeguards must evolve continuously to address new risks. This incident underscores the importance of enforcing and monitoring data protection policies. Organisations must prioritise regular training, audits, and swift responses to risks maintaining public trust and safeguard sensitive information.

Link to BBC article: Guernsey’s Revenue Service reprimanded for personal data breach – BBC News