Lack of care taken to protect clients' data
By AAT Comment
6 Dec 2022

Accountants beware: breaching data regulations leaves companies at risk of millions in fines.

Finance has emerged as one of the worst offenders for data breaches, according to an ongoing report by the Information Commissioner's Office (ICO). The data security incident report, which covers breaches reported since 2019, shows how businesses have been complying with GDPR, which has applied since May 2018.

Finance, insurance and credit made up just under 1 in 10 cases: around 2,929 data breaches out of a total of 32,541.

Breaking down finance's failings

Data breach experts Hayes Connor analysed the ICO's report for the types of data that had been breached within the different sectors. Basic personal identifiers were the most commonly breached category within the finance sector, involved in 74% of incidents. Unsurprisingly, the second most common category was economic and financial data, at 37%. (The percentages add up to more than 100% because a single incident can expose more than one type of data.)

The findings also broke down the incident types behind the breaches. The number one cause within the finance sector was data being emailed to the wrong recipient, accounting for 569 cases. Relatedly, 509 cases involved data being posted or faxed to the wrong recipient, and 415 were caused by phishing.

This demonstrates an alarming lack of care taken by employees to protect their clients' data. In our experience, this tends to come down to:

- Lack of knowledge of GDPR.
- Lack of employee training on GDPR and on how to recognise and avoid phishing scams.
- Careless behaviour and lack of attention to detail.

Businesses in the sector also took too long to report breaches. Under GDPR, in force since 2018, a personal data breach that is likely to pose a risk to individuals must be reported to the ICO within 72 hours of the organisation becoming aware of it, a deadline that was missed in 37% of cases. Failing to do so can result in a fine of up to £8.7m or 2% of the offending organisation's global annual turnover, whichever is higher.

Worst offenders

The share of data breaches associated with the worst-affected sectors, up to the third quarter of 2022, was:

1. Health, 19%
2. Education and childcare, 14%
3. Finance, insurance and credit, 9%
3. Retail and manufacture, 9%
3. Local government, 9%

(Three sectors tie for third place.)

Taking data privacy more seriously

Businesses and individuals should report any data breach to the ICO without delay. It is also important to hold an internal investigation and risk assessment to establish whether the breach was down to a systemic fault or human error, and to identify further hazards. Above all, regular employee training on GDPR is a must.

With so many of these breaches being caused by human error, and such substantial sums at risk, businesses need to rethink their data handling practices now.

About the author

Christine Sabino is Legal Director at leading UK data breach solicitors Hayes Connor. You can read Hayes Connor's recent study for further information on data protection flaws in the finance, credit and insurance sector.

AAT Comment offers news and opinion on the world of business and finance from the Association of Accounting Technicians.