How often does data get breached in Australia?
Australians' data has a new ally.
The nation's first official report on institutional data breaches was just released, shining light on how Australians' data may be at risk. It's the first quarterly report on the Notifiable Data Breaches Scheme launched in February by the Office of the Australian Information Commissioner (OAIC).
The scheme requires organisations to notify the OAIC when customers' data is compromised. To put some perspective on its effectiveness, there were 144 notifications during the entire 2016/2017 financial year when data breach notifications were voluntary. According to this inaugural report, there were 63 notifications in just six weeks under the new scheme's mandatory requirements.
The scheme's notification requirements apply to Australian government agencies, organisations with more than $3 million annual turnover and smaller businesses in a number of specific categories like healthcare and credit monitoring. The healthcare industry logged the highest number of notifications in Q1.
The report also uncovered that human error was the major factor contributing to data breach notifications, a situation OAIC officials view as a worthy challenge.
"This highlights the importance of implementing robust privacy governance alongside a high-standard of security. The risk of a data breach can be greatly reduced by implementing practices such as Privacy Impact Assessments, information security risk assessments, and training for any staff responsible for handling personal information," acting privacy commissioner Angelene Falk said in a statement.
Falk says the new report isn't just about reporting numbers; it's about gaining insights into why data breaches occur and how to stop them.
"Over time, the quarterly reports will support improved understanding of trends and promote a proactive approach to addressing security risks," Falk said.
Businesses around Australia have access to a number of support materials from the OAIC including response guidelines and advice on security protocol.
Businesses concerned about consumer backlash can also consider cyber liability insurance for added peace of mind.