Thousands of employees could have been affected by data breaches linked to mishandled paperwork last year, as concerns grow that offline risks are being overlooked in workplace data protection.
An analysis shows that paper-based records continue to expose sensitive employee information, even as organisations invest heavily in digital systems.
The data, from document handling specialist Officeology, found that more than 11,000 paperwork-related data breaches were reported to the Information Commissioner’s Office between 2020 and 2025.
Of these, nearly one in five involved employee data, including personal details, health records and financial information.
Thousands potentially affected in a single year
In 2025 alone, 1,820 incidents linked to paperwork mishandling were reported, with 330 involving employee data. Based on the size of organisations affected, the analysis suggests that as many as 28,000 employees could have been impacted by these breaches.
The figures relate to what the Information Commissioner’s Office defines as “non-cyber” breaches, where information is lost, stolen or incorrectly disposed of without a digital or online element.
Despite wider digital transformation efforts, the number of such incidents has remained broadly stable over the past five years.
The figures also raise concerns about how quickly organisations respond when breaches occur. Under UK data protection law, businesses must report personal data breaches within 72 hours of becoming aware of them.
But the analysis shows this deadline was missed in 41 percent of cases in 2025. In hundreds of incidents, it took organisations a week or more to notify the regulator, while many others reported breaches several days after the required window.
For employee-related breaches, nearly four in ten were reported late, increasing the potential risk to affected individuals.
Basic personal data most at risk
The most commonly exposed information in paperwork breaches was basic personal data, such as names, addresses and dates of birth. This type of data was involved in nearly four in ten incidents last year, followed by health-related information.
Among cases involving employees, a significant proportion related to the loss or incorrect disposal of documents containing personal identifiers. Experts say these types of breaches can increase the risk of identity fraud, as well as causing distress for employees whose information is compromised.
Despite the volume of incidents, only a small proportion result in formal investigations. Less than 5 percent of paperwork-related breaches over the past five years have led to enforcement action, with most cases resolved through guidance or advice from the regulator.
In 2025, just 12 incidents were referred for further investigation, and only one involved employee data. The majority of cases were handled without the use of formal powers, reflecting a focus on improving compliance rather than imposing penalties.
Employers urged to address offline risks
Adam Butler, a spokesperson at Officeology, said businesses must not overlook the risks associated with physical records. “While cybersecurity dominates the news, physical theft, loss or the incorrect disposal of paper records remains a significant risk to companies’ data security.”
He said the legal framework applies equally to paper and digital information. “GDPR legislation is technology-neutral and applies whether data is processed online or offline. Paper-based processes are inherently more vulnerable to human error.”
Experts say employers should review how physical documents are stored, handled and disposed of, particularly where sensitive employee data is involved.
As organisations continue to digitise operations, the findings suggest that legacy paper processes remain a weak point, with the potential to undermine wider data protection efforts if not properly managed.
William Furney is a Managing Editor at Black and White Trading Ltd based in Kingston upon Hull, UK. He is a prolific author and contributor at Workplace Wellbeing Professional, with over 127 published posts covering HR, employee engagement, and workplace wellbeing topics. His writing focuses on contemporary employment issues including pension schemes, employee health, financial struggles affecting workers, and broader workplace trends.
- William Furney
- William Furney
- William Furney
- William Furney
