NDB reports grew 6% in July–December


By Dylan Bushell-Embling
Tuesday, 08 March, 2022

Data breaches disclosed under the Office of the Australian Information Commissioner’s (OAIC) Notifiable Data Breach scheme grew 6% during the six months ending in December to 464.

The OAIC’s latest Notifiable Data Breach report found that malicious or criminal attacks remain the leading cause of disclosed breaches, accounting for 55% of the total. But the absolute number of malicious or criminal data breaches fell 9% to 256 during the period.

By contrast, the number of breaches attributable to human error grew by 43% to 190, following a dip in the previous period.

Meanwhile, the health sector remains the highest reporting industry sector, notifying 18% of all breaches, followed by finance (12%).

Information Commissioner and Privacy Commissioner Angelene Falk said as the scheme enters its fourth year of operation, her office is urging organisations to put accountability at the centre of their information handling practices.

“Australians expect that their personal information will be handled with care when they choose to engage with a product or service and are more likely to entrust their data to organisations that have demonstrated effective privacy management,” she said.

“[After four years] the scheme is now mature and we expect organisations to have accountability measures in place to ensure full compliance with its requirements. If organisations wish to build trust with customers, then it is essential they use best practice to minimise data breaches and, when they do occur, they put individuals at the centre of their response.”

But the report found that some organisations are still falling short of the scheme’s assessment and notification requirements.

For example, a notable proportion of organisations that experienced system faults (11%) did not become aware of the incident for over a year. And while 75% of organisations notified the OAIC within 30 days of becoming aware of an incident, 28 organisations took longer than 120 days from when they became aware of an incident to notify the OAIC.

“A key objective of the scheme is to protect individuals by enabling them to respond quickly to a data breach to minimise the risk of harm,” Commissioner Falk said.

“Delays in assessment and notification reduce the opportunities for an individual to take steps to protect themselves from harm.”
