Tag: Mandatory Data Breach Notification Laws

1
Human error accounts for 34% of Notifiable Data Breaches – 3 key take outs from the latest OAIC report
2
Uniformity of Law: NSW Government opens consultation to consider making Data Breach Reporting mandatory in respect of State Government Agencies
3
Q3 Notifiable breaches industry league results: Health first … lawyers a solid third!
4
242 data breaches reported in second quarter of notifiable data breach regime
5
63 breaches in 6 weeks of the new data breach regime
6
Government committed to introducing Mandatory Data Breach Notification laws

Human error accounts for 34% of Notifiable Data Breaches – 3 key take outs from the latest OAIC report

By Cameron Abbott and Karla Hodgson

The Office of the Australian Information Commissioner has released its Q2 statistics on notifications received under the Notifiable Data Breach (NDB) scheme. The 245 breach notifications in Q2 are on par with each other quarter since the scheme was introduced in July 2018 and while the majority of NDBs (62%) are attributed to malicious or criminal attacks, we noted with interest that a staggering 34% are due to human error – that is, mostly avoidable errors made by staff. A consistent theme of our blogs is reinforcing the message that employees are the front line of defence for organisations.

There are 3 key statistics we took away from these human error NDBs.

Read More

Uniformity of Law: NSW Government opens consultation to consider making Data Breach Reporting mandatory in respect of State Government Agencies

By Cameron Abbott, Warwick Anderson and Max Evans

We have blogged numerous times on the notifiable data breach scheme provided for in Part IIIC of Privacy Act 1988 (Cth) including more recently in relation to its success in assisting the preparedness of the health sector to report and respond to data breaches.

Whilst the NSW Information Privacy Commissioner recommends that public sector agencies notify it and affected individuals where a data breach creates a risk of serious harm, neither NSW privacy laws nor the notifiable data breach scheme require public sector agencies in NSW to provide such notification. There are many reasons for state government agencies to mandatorily report data breaches. Informing citizens when privacy breaches occur provides an opportunity for individual protection against potentially adverse consequences, whilst mandatory data breach reporting would address the current under-reporting of data breaches in NSW, which according to the consultation may be the norm.

Read More

Q3 Notifiable breaches industry league results: Health first … lawyers a solid third!

By Cameron AbbottKeely O’Dowd and Colette Légeret

The Office of the Australian Information Commissioner (OAIC) has released its third quarterly report of notifiable data breaches. This is the second OAIC report to be released covering a full quarter.

The report revealed that OAIC received 245 notifications of data breaches, marginally up from 242 notifications in the second quarterly report.

Some interesting figures from the OAIC’s report are as follows:

  • 18% of notifications were from health service providers, 14% were from the finance sector; 14% were from the legal, accounting and management services sector; 7% were from the private education sector, and 5% were from the personal services sector;
  • 85% of data breaches involved individual’s contact details, 45% involved financial details, 35% involved identity details, 22% involved health details, 22% involved tax file numbers, and 7% involved other types of personal information; and
  • 57% of data breaches were due to malicious or criminal attack, with 37% due to human error, and 6% due to system faults, with cyber incidents, namely compromised credentials or phishing being the main the cause of

Of the 245 data breaches, 58 affected only one individual – however, 7 affected more than 10,000 individuals.

These figures are a clear reminder of the need to ensure that your business is equipped to deal with data breaches. To learn more about this, take a look at this 60-second video by Cameron Abbott. With professional services ranking a solid third, we’ll take some of our own advice too!

242 data breaches reported in second quarter of notifiable data breach regime

By Warwick Andersen, Rob Pulham and Colette Légeret

The Office of the Australian Information Commissioner (OAIC) has released its second quarterly report of notifiable data breaches. This report is of particular significance as it, unlike the first “quarterly” report, covers a full quarter and therefore depicts a more accurate account of data breaches over a calendar quarter.

Read More

63 breaches in 6 weeks of the new data breach regime

By Cameron Abbott and Allison Wallace

It’s been just over 6 weeks since the government’s notifiable data breach scheme came into force and the Office of the Australian Information Commissioner (OAIC) has revealed it has received 63 reports of data breaches since the scheme’s start date of February 22. The figure released as part of the OAIC’s first quarterly report on the scheme.

This is somewhat of a stark contrast to the 114 voluntary notifications for data breaches received by the OAIC in the 2016-17 financial year, before the scheme was in place.

Read More

Government committed to introducing Mandatory Data Breach Notification laws

By Cameron Abbott and Rebecca Murray

After much delay, a spokesperson for Attorney-General, George Brandis has said the government is committed to introducing the Mandatory Data Breach Notification laws this year. We will be sure to look out for it during the next term of Parliament. You can find more information on the proposed scheme and its regulatory impact on the Attorney General’s Department consultation for Serious Data Breach Notification webpage.

 

Copyright © 2019, K&L Gates LLP. All Rights Reserved.