01 Nov, 2018

Notifiable Data Breach Legislation

Human error still behind many reported data breaches

The recently released Notifiable Data Breaches Quarterly Statistics Report 1 July – 30 September 2018 [i] documents notifications received by the Office of the Australian Information Commissioner (OAIC) in the last quarter under the Notifiable Data Breaches (NDB) scheme.

There were 245 notifications received in this period. Malicious or criminal attacks accounted for 57 per cent of the data breaches notified, only a slight improvement on the 59 per cent reported last quarter. Unlike human error (up one per cent from last quarter to 37 per cent), these attacks are deliberately carried out for financial and other gain. Examples include phishing, malware, ransomware, brute-force attacks and hacking by other means, as well as social engineering or impersonation and actions taken by a rogue employee or insider threat. System fault was also up one per cent from last quarter, now sitting at 6 per cent.

The highest number of data breaches was once again reported by health service providers (18 per cent), which is down 2 per cent since last quarter. They were followed closely by the finance sector (14 per cent), also down 1 per cent from last quarter. Legal, accounting & management services were a close third at 14 per cent, which is a leap from the 8 per cent reported last quarter.

Human error continues to be an issue in all sectors and remains the primary cause of data breach in the private health sector, although breaches due to human error have dropped slightly from 59 per cent last quarter to 56 per cent. Across all sectors, sending personal information to the wrong recipient via email accounts for 12 per cent of all data breaches, followed by the unintended release or publication of personal information (6 per cent), loss of paperwork/data storage device (5 per cent), and sending personal information to the wrong recipient via mail (5 per cent). However, this quarter also saw incidents where personal information was provided to the wrong recipient by channels other than email, fax or mail, such as delivery by hand or uploading to a web portal.

Australian Information Commissioner and Privacy Commissioner Angelene Falk says, “Everyone who handles personal information in their work needs to understand how data breaches can occur so we can work together to prevent them.” [ii]

“Organisations and agencies need the right cyber security in place, but they also need to make sure work policies and processes support staff to protect personal information every day.”

Report Link: Notifiable Data Breaches Quarterly Statistics Report – 1st July to 30 September 2018

References:

[i] Office of the Australian Information Commissioner, ‘Notifiable Data Breaches Quarterly Statistics Report 1 July – 30 September 2018’, accessed 7 November 2018 at https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme/quarterly-statistics-reports/notifiable-data-breaches-quarterly-statistics-report-1-july-30-september-2018

[ii] Office of the Australian Information Commissioner, ‘Preventing data breaches should be business as usual’ at https://www.oaic.gov.au/media-and-speeches/media-releases/preventing-data-breaches-should-be-business-as-usual
