The first quarterly report on data breach notifications received under the new Notifiable Data Breaches (NDB) scheme has been published by the Office of the Australian Information Commissioner (OAIC).
In its report, the OAIC said it received 63 data breach notifications under the scheme during the first six weeks of its operation.
It said that over the 2016–17 financial year, it received 114 data breach notifications on a voluntary basis.
Acting Australian Information Commissioner and Acting Privacy Commissioner at the OAIC, Angelene Falk (pictured) said the NDB scheme required entities with obligations to secure personal information under the Privacy Act 1988 to notify individuals when their personal information was involved in a data breach that was likely to result in serious harm.
“These data breaches are referred to as ‘eligible data breaches’,” Ms Falk said.
“Entities must also notify the OAIC about eligible data breaches.”
She said a 2017 survey found that 94 per cent of people believed they should be told when their personal information was lost by a business.
“A data breach notification provides individuals with the chance to take steps that reduce their risk of experiencing harm, such as changing relevant passwords for online accounts,” Ms Falk said.
She said this could reduce the overall impact of a breach.
“More broadly, the transparency provided by the NDB scheme reinforces Australian Government Agencies’ and businesses’ accountability for personal information protection and encourages a higher standard of security,” Ms Falk said.
She said that, over time, the quarterly reports of the eligible data breach notifications received by the OAIC would support improved understanding of the trends in these breaches and promote a proactive approach to addressing security risks.
Ms Falk said the top five sectors that notified the OAIC of eligible data breaches included health service providers (24 per cent of notifications), legal, accounting and management services (16 per cent), finance (13 per cent), private education (10 per cent), and charities (6 per cent).
The Commissioner’s five-page report can be accessed at this PS News link.
