26 September 2023

Online data breaches have humans to blame

Data breaches attributed to human error continue to increase according to the Office of the Australian Information Commissioner’s (OAIC) latest Notifiable Data Breaches Report.

Australian Information Commissioner and Privacy Commissioner, Angelene Falk said the OAIC received 539 data breach notifications from July to December 2020, an increase of five per cent on the previous six months (512).

Ms Falk said 38 per cent of all data breaches notified during the period were attributed to human error.

“In the past six months, we saw an increase in human error breaches both in terms of the total number of notifications received – up 18 per cent to 204 – and proportionally – up from 34 per cent to 38 per cent,” Ms Falk said.

“The human factor is also a dominant theme in many malicious or criminal attacks, which remain the leading source of breaches notified to my office,” she said.

“Organisations need to reduce the risk of a data breach by addressing human error – for example, by prioritising training staff on secure information handling practices.”

The Commissioner said malicious or criminal attack accounted for 310 notifications during the period (58 per cent) and system fault was responsible for 25 notifications (five per cent).

“Health service providers again notified the most data breaches (23 per cent) of any industry sector, followed by finance, which notified 15 per cent of all breaches,” she said.

“For the first time, the Australian Government entered the top five industry sectors by notifications, accounting for six per cent of all breaches.”

Ms Falk called for entities to have effective systems in place for responding to data breaches.

“Entities must have effective systems for detecting, containing, assessing, notifying and reviewing data breaches,” she said.

“Critically, they need to provide individuals with clear and timely information about data breaches, including recommendations on steps they can take to protect themselves from harm.”

She said any unnecessary delay in providing data breach information undermined the purpose of the Notifiable Data Breaches scheme.

Ms Falk said entities should use the information and guidance provided in her report to help review their processes and ensure they were fit for purpose.

The Commissioner’s 34-page Report can be accessed at this PS News link.
