Reeling in the Data Breaches: Highlights from the Irish Data Protection Commissioner’s 2023 Roundup

In true "Reeling in the Years" fashion, let’s take a look back at 2023—the year of data mishaps, mini-crises, and more GDPR fines than you can shake a Terms of Service at. The Irish Data Protection Commissioner (DPC) had its hands full with cases big and small, from everyday errors by local businesses to international giants testing their luck. Here’s a light-hearted take on the year’s standout moments in data protection, brought to you by Eggers Cybersecurity.
The Big League: Record Fines from Familiar Faces
2023 was a banner year for the DPC’s enforcement powers, with €1.55 billion in fines, 87% of which were issued right here in Ireland. When Meta and TikTok flouted GDPR like it was a mere suggestion, they found themselves at the sharp end of the DPC’s regulatory stick:
- Meta’s Pricey Privacy Problem – €1.2 Billion Fine
  - Cross-border data transfers are a tricky business—especially when those borders separate the EU from the US. Meta found itself facing a staggering fine after transferring user data stateside without sufficient protections. A cool billion or so later, we’re sure the lesson on data sovereignty hit home.
- TikTok’s Expensive Lesson on Kids’ Data – €345 Million Fine
  - In a case that had kids and parents paying attention, the DPC fined TikTok over privacy missteps involving minors. Collecting data on young users comes with strict rules, and ignoring them cost TikTok dearly.
But while big names hogged the headlines, the DPC kept just as close an eye on smaller businesses. Let’s dive into some “everyday” breaches that reveal common data protection pitfalls—and how Eggers Cybersecurity can help you avoid them.
Smaller Breaches: The Everyday Missteps That Add Up
While Meta and TikTok made the headlines, 2023 saw thousands of smaller breaches reported to the DPC. From misplaced letters to accidental CCs, the DPC’s breach database reads like a manual on how not to handle data.
Here are a few of the most common (and cringe-worthy) slip-ups:
1. The Case of the Misdirected Post
- Key Stat: 52% of breaches involved data sent to the wrong recipient.
- That’s right—more than half of the breaches in 2023 involved someone putting the wrong letter in the wrong envelope or hitting “send” without checking the email address. This happens across industries, from legal firms to healthcare providers, each one leading to unintended recipients getting an unexpected glimpse into someone else’s business.
- How We Help: At Eggers Cybersecurity, we offer cybersecurity audits that assess your data handling practices, spotting weaknesses like email vulnerabilities or insecure document workflows. With our help, you can implement the right protocols to ensure sensitive data goes exactly where it’s supposed to.
2. Galway County Council’s Ban on CCTV Cameras
- The DPC ordered a temporary halt to CCTV use in a few locations that went overboard with surveillance. Galway County Council got a strong reprimand and a forced shutdown of their cameras in certain spots. Moral of the story? Stick to public spaces for your surveillance—and make sure you’ve got the signs to back it up.
- How We Help: Whether you’re using CCTV for security or operational purposes, our GDPR consultancy can ensure you’re compliant with data protection laws. We guide you on balancing security needs with privacy rights, so you can monitor what’s necessary—without breaching the law.
3. Centric Health and the Costly Ransomware Incident – €460,000 Fine
- For Centric Health, a ransomware attack turned out to be more than just a headache. Personal data for over 70,000 patients was compromised, with about 2,500 records lost for good. The DPC fined Centric a hefty €460,000 for security lapses, a painful reminder that healthcare data security requires constant vigilance.
- How We Help: Protecting your data from breaches like ransomware is where we shine. Eggers Cybersecurity offers managed solutions like antivirus software, email security, and threat detection tools to keep your data safe. From installing the latest antivirus to monitoring for phishing attempts, we provide a security shield that stops threats before they reach your data.
4. Kildare County Council’s Vigilant Eye (and the Fine That Followed) – €50,000 Fine
- Kildare County Council was hit with a €50,000 fine after it was found using CCTV, ANPR technology, and body-worn cameras without a clear lawful basis. The DPC reminded Kildare (and the rest of us) that GDPR expects transparency and careful handling of surveillance data. A tip to all the councils out there: your cameras can’t just go anywhere!
- How We Help: Eggers Cybersecurity offers GDPR and ISO 27001 compliance assistance to help your business stay compliant with the latest standards. Our experts guide you through documentation, privacy notices, and security protocols that ensure your practices meet the DPC’s expectations. Compliance doesn’t have to be complicated when you have the right partner.
Everyday Blunders: Small but Frequent Breaches
Beyond the headline cases, the DPC handled thousands of minor breaches in 2023—each a reminder that protecting personal data is as much about attention to detail as it is about grand strategies.
- Wrong Emails to the Wrong People
  - With ~17% of breaches involving emails sent to incorrect recipients, we all know someone who’s “replied all” when they shouldn’t have. But these tiny mistakes can lead to serious consequences, especially if sensitive data is involved. The DPC saw emails flying around Ireland to all sorts of unintended folks this year—so remember, check that “To” line twice!
  - Solution: Eggers Cybersecurity’s Cybersecurity Audits and Email Security Solutions help streamline your email processes, adding controls to prevent misdirected communications. Our managed solutions offer safe, streamlined email practices to minimize human error.
- The Paper File Fiasco
  - Paper files have a way of sneaking into data breaches, too. Over 6% of breaches were due to unauthorized access or unintentional disclosure of paper files. It may be the digital age, but not everyone has made the leap. If your business still relies on paper, make sure your files aren’t accessible to wandering eyes.
  - Solution: We assist with GDPR Compliance for businesses managing physical records, creating secure handling processes to ensure data remains protected—whether digital or physical.
- Lost Devices, Lost Data
  - Laptops and phones went AWOL on more than one occasion in 2023. Lost or stolen devices often carry sensitive data, and when they disappear, they’re out of your control. A lost laptop can lead to more than just financial loss—it’s a data disaster waiting to happen. For small businesses, keeping track of devices and encrypting data is key.
  - Solution: We help secure your devices with Managed Antivirus and Cybersecurity Audits that include mobile device management and encryption, making sure your data is safe even if a device goes astray.
- Sensitive Data and “Overheard” Conversations
  - Sometimes, breaches happen not through technology but through sheer human error—like sensitive conversations being overheard or documents being left out in public. Whether you’re a doctor or a legal advisor, privacy means minding your voice as well as your files.
  - Solution: Eggers Cybersecurity offers General Cybersecurity Consultancy to train your team on data etiquette, ensuring that staff know how to safeguard information—whether on a screen or in conversation.
A Partner in Prevention: How Eggers Cybersecurity Can Keep You Safe
At Eggers Cybersecurity, we believe in preventing breaches before they happen. As a cybersecurity consultancy, we offer comprehensive services designed to protect your business from today’s threats. Here’s how we can help:
- Cybersecurity Audits: Get a full assessment of your vulnerabilities with recommendations tailored to your operations. Our audits cover both digital and physical security measures.
- General Cybersecurity Consultancy: From assessing data handling to creating privacy policies, we provide expert guidance on implementing effective cybersecurity practices throughout your business.
- GDPR and ISO 27001 Compliance Assistance: Need to meet GDPR standards or ISO 27001? We’ll help you set up compliant systems, so you’re prepared for any inspection or audit.
- Managed Solutions: Whether it’s antivirus, email security, or comprehensive data protection, our managed solutions keep your systems safe, secure, and compliant without the hassle of self-management.
Looking Forward: 2024 and Beyond
With nearly 7,000 reported breaches, 2023 was a busy year for the DPC. In a world where data breaches are more common than spilled Guinness, the DPC’s work is only just beginning. For businesses across Ireland, data protection is no longer an option—it’s a necessity. Here at Eggers Cybersecurity, we’ll keep you updated on all the latest GDPR developments and offer practical ways to keep your business compliant and your customers' data safe.
Who knows what the next “Reeling in the Data Breaches” will bring, but one thing is for sure: in Ireland, data protection is not to be taken lightly. Here’s to a safer, more secure 2024!