Every third Pole is afraid of personal data leakage. At the same time, less than half of us would know what to do in a such situation. And the biggest problems are faced by seniors, who do not have enough knowledge on who and how processes our personal data.

This is the picture of the Polish society that emerges from a research conducted by ChronPESEL.pl portal and the National Debt Register under the patronage of the Personal Data Protection Office, which also shows that only little more than 30% of people know who is responsible for the consequences of data leakage. Every third respondent believes that responsibility lies solely with a victim.

According to the research, Poles consider fraudsters, who try to phish personal data via fake text messages, emails and phone calls, as the greatest threat to personal data (43 percent). However, data leakage was ranked second. Every third respondent is afraid of it (34.5 percent).

Interestingly, respondents were more concerned about leakages from private companies databases. Nearly one fifth of respondents considered them to be the greatest threat (19.3 percent). Public institutions were ranked slightly better. 15 percent of people taking part in the research is afraid of data leakages from databases managed by public institutions.

According to declarations of respondents, only less than half of them (46 percent) would know how to react in case of a personal data leakage. Young people are most confident about what to do in such a situation. Over 57 percent of respondents aged 25-34 declare that they would know what actions to take. Seniors, in turn, would have the biggest problems with this. According to the research, 2/3 of people aged over 65 would not know how to react.

‒ Unfortunately, it is difficult to protect oneself from personal data leakage on your own. The security of databases depends on the entities that manage them. Therefore, it is very important to know how to react. For instance, if the leaked information includes also personal data, e.g. personal identification number (PESEL number), it should be verified as soon as possible whether someone has already tried to use it. It is also worth considering  activating the monitoring of credit activity of our PESEL number, thanks to which we will know if someone wants to use it to extort a loan or another financial obligation in the future ‒ adds Bartłomiej Drozd, an expert at ChronPESEL.pl portal.

Every third Pole cannot predict the consequences of a data leakage

Nearly 2/3 of respondents know what data leakage may imply. Among potential consequences of such an incident they indicate taking financial obligations in the form of, for example, a credit or leasing agreement (86%), using data to impersonate us in order to deceive our relatives as a result (75%), selling personal data (68%) or setting up a company using stolen data (64%).

Only little over 30 percent of respondents declare that they know who should take care of neutralising the consequences of a leakage. According to 70% of respondents this is the task of the police and other law enforcement agencies, such as the prosecutor's office. 60 percent point to the company or institution that is the controller of the database from which the data leaked. More than 56 percent indicate the Personal Data Protection Office, and 44 percent - data protection officers from the institutions and companies where the data breach occurred.

Every third respondent believes that it is the responsibility of the person whose data leaked to neutralise the consequences.

‒ In case of accidental or unlawful destruction, loss or disclosure of personal data we have to do with personal data breach. If the breach results in the risk to the rights and freedoms of the data subject, the controller should notify the personal data breach to the Personal Data Protection Office within 72 hours. The controller is obliged to take effective measures to protect natural persons and their personal data – says Jacek Młotkiewicz, Director of the Inspections and Breaches Department, the Personal Data Protection Office.

The research commissioned by the ChronPESEL.pl portal and the National Debt Register under the patronage of the Personal Data Protection Office, was conducted in March 2022 using the CAWI method on a representative group of 1010 respondents by IMAS International.