There has been a sharp rise in data breaches and complaints, the latest annual report from the Information Commissioner’s Office reveals.

A total of 200 personal data breaches were reported in 2025-26, up from 152 the previous year, affecting an estimated 31,600 people, compared with 4,918 in 2024-25.

The report says this increase reflects a rise in cyber incidents, which can affect large numbers of people in a single breach.

Data protection complaints more than doubled to 53, up from 25 in 2024-25, with handling of subject access requests the most common issue raised.

Information Commissioner Dr Alexandra Delaney-Bhattacharya said: ‘Behind every breach is someone whose trust, privacy or safety may be compromised.

‘We are seeing the scale of risk increase - cyber incidents can affect thousands of people at once, alongside new harms such as the misuse of people’s images through AI.

‘A data breach can be life-altering for someone escaping a dangerous relationship. For a child, the misuse of their image can cause lasting harm.’

During the year, five regulatory actions were taken with reprimands for Shell Ship Management Ltd, Queen Elizabeth II High School, Payroll Partners Ltd and Manx Care. A warning was also issued to a public sector organisation.

Sixteen Freedom of Information decision notices were issued, nearly double previous years.

A streamlined complaints system was introduced, enabling complaints to be progressed more quickly, with the oldest open case reduced to just over six months, down from more than 11 months the previous year.

In addition, a new online breach reporting and registration system was introduced.

During the year, the ICO strengthened international relationships, signing agreements with, Dubai and Malta and participating in cross-border investigations for the first time.

The island also joined more than 60 regulators in raising concerns about the misuse of AI to create harmful or non-consensual imagery.