On 31st of July 2018 the Office of the Australian Information Commissioner (OAIC) released the second Notifiable Data Breaches Quarterly Statistics Report, recording 242 breach notifications. The first report, issued in April, had been a partial quarter as the new laws only came into place on 22 February 2018, and recoded 65 notifications.
However, notwithstanding that the total volume indicated an increase, there has in fact been a month on month increase in the number of breaches with June reaching 90 notified breaches as opposed to 55 in the first full month of the Notifiable Data Breaches Scheme.
For those who are interested in knowing how their industry rates in the number of breach reporting industries, the top five industry sectors are identified as being:
It is also interesting that the sources of the breaches within the various industries in the category of malicious or criminal attacks are broken down into: cyber incidents, rogue employees, social engineering and theft.
Breaches are also broken down by the various sources of human error. Unsurprisingly these include significant numbers of mail being sent to the wrong recipient, emails being sent to the wrong recipient, loss of paperwork or storage devices, or unintended release.
It is clear that, as well as investing in cyber security measures, Australian businesses need to continue to invest heavily in training as a deterrent to human error.
Holding Redlich’s privacy and cyber professionals can assist businesses proactively seeking to avoid breaches and in the event of a breach, including where that breach is notifiable not only under Australian law but under the European General Data Protection Regulation.
Author: Lyn Nicholson
Lyn Nicholson, General Counsel
T: +61 2 8083 0463
Dan Pearce, Partner
T: +61 3 9321 9840
Trent Taylor, Partner
T: +61 7 3135 0668
The information in this publication is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this publication is accurate at the date it is received or that it will continue to be accurate in the future. We are not responsible for the information of any source to which a link is provided or reference is made and exclude all liability in connection with use of these sources.
Published by Lyn Nicholson