
01Aug, 2018

Notifiable Data Breach Legislation

Deliberate criminal attacks behind most notifiable data breaches

The Office of the Australian Information Commissioner has released its second “Notifiable Data Breaches Quarterly Statistics Report”, which provides statistics on the notifications received under the Notifiable Data Breaches Scheme from 1 April to 30 June 2018[i].

The NDB scheme commenced on 22 February 2018, and this is the first report that contains activity data for a full quarter.

The total number of data breach notifications received in the quarter was 242, which brings the total received in 2018 to 305 when added to the 63 received between 22 February and the end of March 2018.


The largest source of data breaches for all sectors was malicious or criminal attack (59 per cent) followed by human error (36 per cent) and system fault (5 per cent). Malicious or criminal attacks differ significantly from human error as they are deliberate acts designed to exploit system vulnerabilities.

These new figures are in contrast to the previous reporting period which identified human error (51 per cent) as the highest cause of data breach followed by malicious or criminal attack (44 per cent)[ii].

The sector that reported the highest number of data breaches was the private health sector (20 per cent), followed by the finance sector (15 per cent), the legal, accounting and management services sector (8 per cent), the private education sector (8 per cent), and the business and professional associations sector (6 per cent).


Human error continues to be an issue across all sectors and is the primary cause of data breaches in the private health sector (59 per cent), followed by malicious or criminal attack (41 per cent). Human error covers incidents in which a mistake made by a person caused the data breach. Common errors include personal information sent to the wrong recipient, insecure disposal of personal information, and loss of paperwork or a storage device. Most notifications (69 per cent) in the private health sector caused by human error involved the data of 100 individuals or fewer.

Reducing human error continues to be the most significant challenge for organisations, with many failing to implement adequate technology to remove human exposure to personal data. Contact centres represent the most significant risk of human error, with many still exposing contact centre agents to credit card data. Contact centre solutions like AgentSecure reduce PCI DSS compliance scope by 90% by ensuring credit card data never enters the contact centre, thereby eliminating that source of human error.


Resource Link: Notifiable Data Breaches Quarterly Statistics Report: 1 April – 30 June 2018

References

[i] Office of the Australian Information Commissioner, ‘Notifiable Data Breaches Quarterly Statistics Report: 1 April – 30 June 2018’, accessed 3 August 2018 at https://www.oaic.gov.au/resources/privacy-law/privacy-act/notifiable-data-breaches-scheme/quarterly-statistics/notifiable-data-breaches-quarterly-statistics-report-1-april-30-june-2018.pdf

[ii] Office of the Australian Information Commissioner, ‘Quarterly Statistics Report: January 2018 – March 2018’, accessed 3 August 2018 at https://www.oaic.gov.au/resources/privacy-law/privacy-act/notifiable-data-breaches-scheme/quarterly-statistics/Notifiable_Data_Breaches_Quarterly_Statistics_Report_January_2018__March_.pd
