63 breaches in 6 weeks of the new data breach regime

By Cameron Abbott and Allison Wallace

It’s been just over 6 weeks since the government’s notifiable data breach scheme came into force, and the Office of the Australian Information Commissioner (OAIC) has revealed it has received 63 reports of data breaches since the scheme’s start date of February 22. The figure was released as part of the OAIC’s first quarterly report on the scheme.

This is something of a stark contrast to the 114 voluntary notifications for data breaches received by the OAIC in the 2016-17 financial year, before the scheme was in place.

This of course begs the question – has there been an increase in breaches, or merely an increase in accountability?

Some interesting figures from the OAIC’s report:

  • 24% of notifications were from health service providers; legal, accounting and financial services providers accounted for a further 16%
  • 78% of breaches included individuals’ contact information, with 33% of breaches involving health information
  • 51% of breaches were caused by human error, while a further 44% were due to malicious or criminal attacks.

Of the 63 breaches, 37 involved just one person – but 3 of them affected more than 10,000 individuals.

It’s a timely reminder of the need to ensure that your business is equipped to deal with data breaches – to learn a bit about what this means, check out this 60-second video we put together earlier this year.

Copyright © 2018, K&L Gates LLP. All Rights Reserved.