By Anne Wardell, Compliance Quarter.
The OAIC has published its first quarterly statistics report under the NDB Scheme, Notifiable Data Breaches Quarterly Statistics Report: January 2018 – March 2018. It is interesting to note that the total number of breach notifications received for the first quarter was 63. Remember that the NDB Scheme only commenced at the end of February 2018.
The report provides useful snapshots of the findings such as the top five industry sectors where an NDB occurred:
The most common type of personal information revealed was contact information. It is perhaps of some concern that the next two most common types of information disclosed were financial details and health information:
Although 73% of the eligible data breaches involved the personal information of fewer than 100 individuals, 27% involved more than 100 individuals.
The OAIC’s acting Australian Information Commissioner and acting Privacy Commissioner, Angelene Falk, commented on the report and indicated that:
‘Over time, the quarterly reports of the eligible data breach notifications received by the OAIC will support improved understanding of the trends in eligible data breaches and promote a proactive approach to addressing security risks.
‘Just over half of the eligible data breach notifications we received in the first quarter indicated that the cause of the breach was human error. In the 2016–2017 financial year 46 percent of the data breach notifications received by the OAIC voluntarily were also reported to be the result of human error.
‘This highlights the importance of implementing robust privacy governance alongside a high-standard of security. The risk of a data breach can be greatly reduced by implementing practices such as Privacy Impact Assessments, information security risk assessments, and training for any staff responsible for handling personal information.’ (Source: Notifiable Data Breaches first Quarterly report released OAIC News, 11 April 2018).
Although human error was responsible for 32% of the breaches, malicious or criminal attacks represented 28% of the breaches. It is important to ensure that data systems which deal with personal information are protected from such attacks.
The Report provides the following overview:
It is important for all Australian businesses to be aware of the quarterly reports and to review the findings as a way of ensuring that their systems, and the protections they have installed, remain effective.