The Australian Information and Privacy Commissioner has released a report on the first 12 months of mandatory reporting of privacy breaches, declaring that breaches involving personal information can be prevented through effective training and enhanced systems.
Speaking at the beginning of Privacy Awareness Week last Monday (13 May), the Commissioner, Angelene Falk, called on all regulated entities to accept the report's findings and learn from its lessons.
“By understanding the causes of notifiable data breaches, business and other regulated entities can take reasonable steps to prevent them,” Ms Falk said.
“Our report shows a clear trend towards the human factor in data breaches, so training and supporting your people and improving processes and technology are critical to keeping customers’ personal information safe.”
She said that after more than 12 months in operation, entities should now be well equipped to meet their obligations under the scheme, and to take proactive measures to prevent breaches of personal information.
“The requirement to notify individuals of eligible data breaches goes to the core of what should underpin good privacy practice for any entity — transparency and accountability,” Ms Falk said.
“It’s also an opportunity for organisations to earn back trust by supporting consumers effectively to prevent or manage any potential harm that may result from a breach.”
She said the Notifiable Data Breaches scheme was introduced in February 2018 and the Notifiable Data Breaches 12-month Insights Report released this week examines its first four quarters of statistics.
She said it shows that 964 eligible data breaches were notified to affected individuals and the Office of the Australian Information Commissioner (OAIC); that 60 per cent of breaches were traced back to malicious or criminal attacks; and that the leading cause of data breaches during the 12-month period was phishing (people tricked into revealing information such as passwords), which accounted for 153 breaches.
Ms Falk said her office would continue to take a proportionate and evidence‑based regulatory approach to data breaches, exercising enforcement powers where necessary.
The OAIC’s 25-page report can be accessed at this PS News link.