The Office of the Australian Information Commissioner (OAIC) quarterly Report that was released last week, indicates that the under the Notifiable Data Breaches (NDB) regime 57 per cent of incidents were caused by ‘malicious or criminal attack’.
Private health insurers and finance being the two top industries to be affected.
“Organisations and agencies need the right cyber security in place, but they also need to make sure work policies and processes support staff to protect personal information every day,” OAIC Commissioner Angelene Falk said. “Our latest report shows 20 per cent of data breaches over the quarter occurred when personal information was sent to the wrong recipient, by email, mail, fax or other means.”
Based on key statistics that have been provided by the OAIC it is a 2 per cent drop from the 59 per cent that had been provided in the previous quarter.
37 per cent were attributed to human error is just 1 per cent more than 36 per cent from the previous quarter.
6 per cent were attributed to system faults which are a 1 per cent increase from the previous quarter
63 per cent of incidents reported the involved personal information which is just 2 per cent difference 61 per cent of the previous quarter.
When the OIAC released their Annual Report last month the GRC Professional reached out Bronwyn Gallacher from CCL Consultants whose focus is on the competition and consumer Law as well as on thePrivacy space.
Gallacher said that the annual report showed an increased understanding by organisations with voluntary reporting under NDB reporting scheme, but the OAIC will be continuing its efforts to educate the industry on their obligations around data and privacy.
Is there still confusion about what constitutes serious breach under the NDB regime?
Gallacher said that while the OAIC has provided guidance on what organisations should be paying attention to, the onus is still on the organisation to investigate and ‘assess any potential breach’.
“As a relatively new scheme, there will be a level of confusion and uncertainty in how to comply with the scheme but this can be overcome through an understanding of the OAIC’s guidelines, and through having an effective compliance management system, she explained. “Further, the OAIC has indicated it has commenced with releasing quarterly reports on the NDB Scheme which will set out notifications received, as well as their root causes and the types of personal information affected. This will further assist businesses in understanding the operation of the NDB Scheme and when a data breach may lead to serious harm.”