NDB disclosures fell 7% in FY21

By Dylan Bushell-Embling
Wednesday, 27 October, 2021

Disclosures to the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breach scheme fell 7% during FY21 to 975 notifications, the OAIC’s annual report shows.

The regulator finalised 80% of NDB investigations within 60 days, reaching its target, according to the report. The OAIC has now resolved more than 3000 data breach notifications since the scheme launched three years ago.

“As [the scheme] matures, we see clear trends: malicious or criminal attacks are the leading source of data breaches, followed by human error. Our regular reporting of this data highlights emerging issues and areas for attention by regulated entities,” Australian Information Commissioner Angelene Falk said in the report.

Meanwhile, total privacy complaints to the OAIC fell 7% during the financial year to 2474. A total of 2151 privacy complaints were finalised during the period. The OAIC received 1224 applications for Information Commissioner review of Freedom of Information Decisions (up 15%) and finalised 1018 reviews (up 23%).

The OAIC’s regulatory approach during the year was focused on meeting community expectations for proactive release of government-held information and strong privacy protections in areas of higher risk, Falk said.

“The ongoing pandemic underscores the importance of privacy and the proactive release of information to building community trust and confidence in new initiatives and government agencies and organisations,” she said.

“In addressing COVID-19 and other significant and emerging privacy issues, we have also worked closely with our domestic and international counterparts to maintain a clear and consistent approach.”

This regulatory work has included completing a review into the privacy and security of the COVIDSafe app, and collaborating with the government on the implementation of the Consumer Data Right.

“In the last year we made 21 submissions and 50 bill scrutiny comments, including a substantial submission to the landmark review of the Privacy Act. We have engaged closely with the Attorney-General’s Department as part of its ongoing review to ensure that Australia’s privacy framework is fit for the digital age,” Falk added.

“We will continue to employ our regulatory tools and capabilities in the year ahead to build public trust and confidence in access to government-held information and the protection of personal information, and to support a thriving digital economy.”

Image credit: ©stock.adobe.com/au/Nmedia