These figures were published in the ICO’s annual report and analysed by the Parliament Street think tank. The report cited the pandemic as the primary reason for this drop, and also mentioned that the introduction of mandatory breach reporting in sectors that handle large volumes of personal data has also contributed to the downward trend in personal data breaches reported to the ICO.

The industry which reported the highest instances of data breaches was healthcare – which made up 16.8 per cent of all personal data breaches reported to the ICO in FY 20/21. Education and childcare came second, reporting 1,160 personal data breach incidents over the last year, which is 13.6 per cent of the total quantity.

Retail and manufacturing was next at 10.9 per cent; finance insurance and credit was fourth with 10.5 per cent and local government placed fifth, having reported 8.8 per cent of the total personal data breaches reported to the ICO.

Furthermore, 71.4 per cent of all personal data breaches reported to the ICO led to no further action. However, more than one fifth (21.6 per cent) were investigated further – the specific outcomes of these investigated cases were not clarified.

The report did reveal, however, that 3.9 per cent of personal data breaches led to ‘informal’ action being taken, and just 0.1 per cent of cases led to formal action being taken, which included administrative punishment or a lower tier fine.