OAIC releases first quarterly statistics report under the NDB Scheme


By Anne Wardell, Compliance Quarter. 


The OAIC has published its first quarterly statistics report under the NDB Scheme, Notifiable Data Breaches Quarterly Statistics Report: January 2018 – March 2018. It is interesting to note that the total number of breach notifications received for the first quarter was 63, given that the NDB Scheme only commenced at the end of February 2018.

The report provides useful snapshots of the findings such as the top five industry sectors where an NDB occurred:

[Figure: top five industry sectors]

The most common type of personal information revealed was contact information. It is perhaps of some concern that the next two most common types of information disclosed were financial details and health information:

[Figure: types of personal information involved]

Although 73% of the eligible data breaches involved the personal information of fewer than 100 individuals, 27% involved more than 100 individuals.


The OAIC’s acting Australian Information Commissioner and acting Privacy Commissioner, Angelene Falk, commented on the report and indicated that:

‘Over time, the quarterly reports of the eligible data breach notifications received by the OAIC will support improved understanding of the trends in eligible data breaches and promote a proactive approach to addressing security risks.

‘Just over half of the eligible data breach notifications we received in the first quarter indicated that the cause of the breach was human error. In the 2016–2017 financial year 46 percent of the data breach notifications received by the OAIC voluntarily were also reported to be the result of human error.

‘This highlights the importance of implementing robust privacy governance alongside a high-standard of security. The risk of a data breach can be greatly reduced by implementing practices such as Privacy Impact Assessments, information security risk assessments, and training for any staff responsible for handling personal information.’ (Source: ‘Notifiable Data Breaches first Quarterly report released’, OAIC News, 11 April 2018.)

Although human error was responsible for 32% of the breaches, malicious or criminal attacks represented 28% of the breaches. It is important to ensure that data systems which deal with personal information are protected from such attacks.


The Report provides the following overview:

[Figure: report overview]

It is important for all Australian businesses to be aware of the quarterly reports and review the findings as a way to ensure they maintain the effectiveness of their systems and the protections installed.
