2018 review – Lifting the lid on Australian data breaches
During this Privacy Awareness Week, the Office of the Australian Information Commissioner (OAIC) has published its first Insights report on the Notifiable Data Breach (NDB) scheme.
The NDB scheme requires agencies and organisations under the Privacy Act 1998 (Cth) to report data breaches which are likely to cause serious harm to individuals whose personal information is involved in the breach.
Since 2018, the OAIC has been collecting data and publishing quarterly reports about the NDB scheme. The Insights report provides information on the sources of data breaches, the industries they target and any emerging trends.
Snapshot of the 2018 report
This year, the OAIC has reported that in 2018:
- 964 breaches in total;
- 712% increase in notifications since the introduction of the NDB when compared to the previous voluntary scheme;
- 60% of data breaches were malicious or criminal attacks;
- 83% of data breaches affected fewer than 1,000 people;
- 35% of data breaches were caused by human error;
- 55% of health sector data breaches were due to human error; and
- 41% of finance sector data breaches were due to human error.
Findings from the report
The report provides valuable insight for organisations learning how to manage data breaches and develop strategies around them. The data indicates that most data breaches involve human factors (e.g. sending an email to the wrong person or clicking on a phishing email).
Organisations should ensure that employees are well trained, systems are up to date and policies are in place to handle data breaches. It is important that businesses have a clear understanding of what is considered a data breach and whether any such breach is a notifiable data breach. A failure to take the appropriate steps can have significant negative reputational and financial consequences. Organisations which delay or fail to notify eligible data breaches will face regulatory action from the OAIC.
Macpherson Kelley is experienced in providing strategic advice in relation to data breaches and can assist your business in ensuring compliance with the NDB scheme, and the wider privacy compliance regime more generally.
Macpherson Kelley is also the only Australian member of international alliance PrivacyRules Ltd., allowing us to draw on local expertise relating to privacy compliance, cybersecurity and data protection matters in the overseas jurisdictions where our clients do business.
If you would like any further information regarding the application of privacy laws to your business, please contact Kelly Dickson.
This article was written by Jai Manoharan, Law Graduate.
The information contained in this article is general in nature and cannot be relied on as legal advice nor does it create an engagement. Please contact one of our lawyers listed above for advice about your specific situation.