Notifiable Data Breaches law records 242 incidents in its first quarter


Data breach notifications are on the rise, as companies in Australia increase their transparency over damaging security incidents and highlight the success of the country’s new notification scheme.

A total of 242 breach notifications were disclosed between April and June 2018, according to the latest review of the country’s data laws, released by the Office of the Australian Information Commissioner (OAIC).

The majority of these reported incidents, 59%, were caused by malicious actors attacking an organization’s infrastructure, whereas only 88 breaches, 36%, were the result of human error such as sending personal information to the wrong recipient. Only 5% were due to a system failure.

“The report provides important information on the causes of data breaches so all entities can learn lessons and put in place prevention strategies,” said Angelene Falk, Australian’s information commissioner and acting privacy commissioner, following today’s launch of the Notifiable Data Breaches Quarterly Statistics report.

“The OAIC continues to work with entities to ensure compliance with the [NDB] scheme, offer advice and guidance in response to notifications, and consider appropriate regulatory action in cases of non-compliance.”

The Notifiable Data Breaches (NDB) scheme, enacted in February, requires businesses, charities, and government agencies with an annual turnover of $3 million or more to notify consumers if their information has been exposed in a data breach, which could cause them “serious harm”.

Failure to report such breaches under the new scheme can rack up fines of up to $2.1 million – a number that has apparently scared companies into action and ranked consumer privacy ahead of an organization’s public image.

Falk added: “Notifications this quarter show that one of the key aims of the scheme – ensuring individuals are made aware when the security of their personal data is compromised – is being met.

“Data breach notification to individuals by the entities experiencing the data breach can equip individuals with the information they need to take steps to reduce their risk of experiencing harm, which can reduce the overall impact of a breach.”

Still, the question remains of how to stop these breaches from occurring in the first place, particularly in sensitive areas such as healthcare, an industry that was found to have the largest number of reported breaches – 49 – according to the OAIC report. The finance sector was a close second, with 36 breaches reported.

The OAIC has recorded 305 notifications since the NDB scheme began in February 2018. It recommends ensuring staff are implementing best password practice, and for organizations to continue raising awareness of good security hygiene.