27 September 2023

Privacy goes public with data breaches


The Australian Information and Privacy Commissioner has revealed that human error, deception, compromised credentials and one-off incidents were the causes of most data breaches referred to her office since mandatory reporting began last February.

The Commissioner, Angelene Falk, said that at a time of heightened awareness of privacy, the community expected people and organisations entrusted with their personal information to act as ethical stewards.

“They also expect regulators to take action to prevent, detect and remedy their issues,” Ms Falk said.

She said each year her office received close to 3,000 complaints from individuals.

“These are resolved through a range of approaches, including conciliation and determination,” she said.

“These outcomes frequently involve compensation, and drive improvements to privacy practice.

“Our frontline staff assisted the public with almost 20,000 enquiries about privacy in 2017-18, and we audit a range of industries and Agencies for compliance with the Privacy Act.”

She said her Office’s work had led to enforceable undertakings which had proven highly effective in driving systemic change within organisations where personal information practices had been deficient.

“Above all, we take an evidence-based and proportionate approach, and we will not shy away from using the full range of our regulatory powers,” Ms Falk said.

“That includes seeking civil penalties of up to $2.1 million per privacy breach through the Federal Court.

“Privacy by design is critical to achieving compliance with the Privacy Act. This means embedding privacy from the top down to achieve best practice and cultural change.”

She said this practice required a senior executive to act as privacy champion, a privacy management plan and privacy impact assessments to guide product development and day-to-day business.

“Along with human error, such as emailing the wrong person or losing documents, compromised credentials are a key cause of the data breaches reported so far,” Ms Falk said.

More information about the Office of the Australian Information Commissioner can be found in the office’s 208-page annual report which can be accessed at this PS News link.
