The Australian Information Commissioner and Privacy Commissioner has used the first anniversary of the Notifiable Data Breaches scheme to remind public sector organisations and others of the need to maintain the protection of personal information they may hold.
The Commissioner, Angelene Falk said most of the data breaches reported over the past year involved a human factor, like sending information to the wrong person or someone’s login credentials being compromised through phishing or other means and used in a cyber-attack.
“We expect organisations and Agencies to act on the risks highlighted by these reports, whether or not they were directly affected, and take steps to prevent a similar breach of Australians’ personal data,” Ms Falk ( pictured) said.
“Australian Government Agencies and organisations must carry out an assessment whenever they suspect that there may have been loss of, unauthorised access to, or unauthorised disclosure of personal information that they hold.”
She said that if serious harm was likely to result, the agencies must notify affected individuals so they can take action to address the possible consequences, such as changing passwords and checking their credit record.
They must also notify the Office of the Australian Information Commissioner.
“The growing number of data breaches notified to my office is consistent with trends experienced by our counterparts overseas and indicates Agencies and organisations are complying with their notification obligations,” Ms Falk said.
