OAIC releases first quarterly statistics report under the NDB Scheme


By Anne Wardell, Compliance Quarter. 


The OAIC has published its first quarterly statistics report under the NDB Scheme, Notifiable Data Breaches Quarterly Statistics Report: January 2018 – March 2018. It is interesting to note that the total number of breach notifications received for the first quarter was 63. Remember that the NDB Scheme only commenced at the end of February 2018.

The report provides useful snapshots of the findings such as the top five industry sectors where an NDB occurred:

[Figure: top five industry sectors where an NDB occurred]

The most common type of personal information revealed was contact information. It is perhaps of some concern that the next two most common types of information disclosed were financial details and health information:

[Figure: types of personal information disclosed]

Although 73% of the eligible data breaches involved the personal information of fewer than 100 individuals, 27% involved more than 100 individuals.

[Figure: number of individuals affected per breach]

The OAIC’s acting Australian Information Commissioner and acting Privacy Commissioner, Angelene Falk, commented on the report and indicated that:

‘Over time, the quarterly reports of the eligible data breach notifications received by the OAIC will support improved understanding of the trends in eligible data breaches and promote a proactive approach to addressing security risks.

‘Just over half of the eligible data breach notifications we received in the first quarter indicated that the cause of the breach was human error. In the 2016–2017 financial year 46 percent of the data breach notifications received by the OAIC voluntarily were also reported to be the result of human error.

‘This highlights the importance of implementing robust privacy governance alongside a high-standard of security. The risk of a data breach can be greatly reduced by implementing practices such as Privacy Impact Assessments, information security risk assessments, and training for any staff responsible for handling personal information.’ (Source: ‘Notifiable Data Breaches first Quarterly report released’, OAIC News, 11 April 2018.)

Although human error was responsible for 32% of the breaches, malicious or criminal attacks represented 28% of the breaches. It is important to ensure that data systems which deal with personal information are protected from such attacks.

[Figure: causes of breaches]

The Report provides the following overview:

[Figure: overview from the report]

It is important for all Australian businesses to be aware of the quarterly reports and review the findings as a way to ensure they maintain the effectiveness of their systems and the protections installed.
