Rise in personal data breach reports on the Isle of Man amid increased awareness efforts

Over 800 people affected in Q1 2025/26 as reporting nearly doubles compared to last year

The Isle of Man's Information Commissioner has recorded a significant rise in personal data breach reports for the first quarter of the 2025/26 financial year, with 61 incidents reported between April and June – almost double the 35 breaches reported during the same period last year.

According to the Commissioner’s latest update, the uptick may be partially attributed to enhanced engagement with local organisations, including targeted training sessions aimed at clarifying reporting duties under data protection legislation.

More than 800 individuals were impacted by breaches reported in the period, though the final figure could be higher as several cases remain under investigation.

Breaches have resulted in a range of harms, including loss of access, emotional distress, damage to reputation, unwanted contact, and, in some cases, identity theft and fraud.

Seventy percent of the reported breaches came from public sector organisations, following awareness sessions held in March. Similar training was rolled out to the private sector in July, and the impact of this is expected to be seen in the next quarter.

In total, 28 percent of Q1 breaches were classified as ‘high risk’, triggering a legal requirement under Article 34 of the Applied GDPR to notify affected individuals without undue delay.

However, just 77 percent of all breaches were reported within the required 72-hour timeframe.

The Commissioner also revealed that 30 breach cases were closed during Q1. Of those, 84 percent involved an infringement of Article 5(1)(f) of the Applied GDPR, which concerns integrity and confidentiality.

Smaller proportions involved additional breaches such as data accuracy (seven percent), data minimisation (three percent), and lawfulness, fairness and transparency (three percent).

In three percent of closed cases, no infringement was recorded as no individuals on the Island were ultimately affected.

A new online breach reporting portal was introduced in April to streamline submissions. While the system has experienced some teething issues, the Commissioner has invited feedback from users to support future improvements.

Quarterly breach figures over the past three years have fluctuated – 55 in Q1 2022/23, rising to 90 in Q1 2023/24, before falling sharply to 35 in Q1 2024/25.