The childcare and education sector suffered the second highest number of data breaches in 2023, uncovering persistent compliance issues across the sector.

Solicitor Hayes Connor analysed information on reported data breaches collected by the Information Commissioner’s Office (ICO). It found 14.44% of incidents were reported by the childcare and education sector, second only to health (17.42%).

More than one in three (562) breaches in the education and childcare sector involved children’s data last year. The research found that basic personal identifiable data was the most common type of data being breached within education and childcare sector (85.06%) followed by health data (29.25%).

The analysis found the top two reasons for data breaches in the sector were data emailed to the wrong recipient (20.38%) and unauthorised access to data (10.06%).

The analysis also found that more than a third (36.94%) of education and childcare sector breaches were reported past the 72-hour deadline mandated by General Data Protection Regulation (GDPR). Failure to notify a breach when required to do so can result in a significant fine of up to £18m, or 4% of a company’s global turnover

Hayes Connor said the findings showed the continual need for businesses to train staff on basic data handling practices. Richard Forrest, legal director at Hayes Connor, said: “Despite regulatory advancements, and the introduction of stricter compliance mechanisms, the rate of data breaches remains a serious concern. The recent ICO trends portray a continuous need for vigilance and updated compliance strategies from businesses, especially in how they manage and protect personal data against emerging cyber threats and human error.”