Analysis of the publications of the Information Commissioner's Office relating to prosecutions or monetary penalties for data breaches shows that many of these breaches involved human error. The most common such errors in these reports are well-meaning insiders making slips in routine operations. Technical correction strategies to mitigate the error were either absent or ineffective in preventing harm from being incurred. This paper considers the failure modes of human operators of information systems within reports issued by the Information Commissioner's Office. These demonstrate where additional technological assistance may be better directed to reduce the probability of occurrence and to reduce the impact of information security failures.