©2018-2019 by The GRC Institute - Governance, Risk & Compliance.  ABN: 42862119377

Breach Reports Rise

February 14, 2019

 

 

There has been a slight increase in reported breaches according to the recent NDB quarterly report.

 

The Office of the Australian Information Commissioner (OAIC) has recently released its quarterly NDB report for October to December 2018 and found that 70 per cent of the reported breaches in the financial sector were malicious attacks.

 

This report was released not long after the privacy commission announced the dates for the annual Privacy Awareness Week (PAW), from the 12th to the 18th of May.

 

The report highlights that 262 data breaches were reported in the October to December period. This is up from 245 breaches in the previous quarter.

 

There was a three per cent drop in incidents involving personal data, with only 60 per cent of reports involving personal data as opposed to 63 per cent in the previous quarter.

 

The leading cause of data breaches is still malicious and criminal attacks, with 168 reports; human error comes second with 85 reports, and system error accounts for only nine breach reports.

 

The private health industry leads with 54 reports, with finance coming second with 40 reports.

 

Investigative Powers

Just before the release of this report, the GRC Professional reached out to CCL Consultants' Bronwyn Gallacher, who addressed privacy regulation from the perspective of the investigative powers of the Office of the Australian Information Commissioner (OAIC).

 

“One of the area organisations that businesses need to be mindful of is to have in place an effective investigative and assessment process, and compliance processes in relation to privacy and the new Notifiable Data Breaches (NDB) scheme.”

 

Gallacher continues:

 

The investigation and assessment is important because the NDB scheme only requires notification about ‘eligible data breaches’.

 

An eligible data breach arises when:

 

  • there is unauthorised access to or unauthorised disclosure of personal information or a loss of personal information that an entity holds; and

  • this is likely to result in serious harm to one or more individuals; and

  • the entity has not been able to prevent the likely risk of serious harm with remedial action.

 

 
