The Notifiable Data Breaches (NDB) scheme was established in February 2018 to improve consumer protection and drive better security standards for protecting personal information. It applies to agencies and organisations who are covered by the Privacy Act 1988 and are required to take reasonable steps to secure personal information.
This is the first statistical report on the NDB scheme to cover a six-month period. It shows a 19 per cent increase in the number of data breaches reported to the Office of the Australian Information Commissioner (OAIC) between July and December 2019, compared to the first half of the year.
Initially, the OAIC published statistical reports every quarter to help identify any trends and improve awareness and understanding of data breach risks and prevention. The OAIC also published a Notifiable Data Breaches Scheme 12-month Insights Report in May 2019 which examined these trends and highlighted best practice approaches to preventing and responding to data breaches.
Now that the scheme is well established as an effective reporting mechanism, this six-monthly report will continue to track the leading causes and sources of data breaches. It will also highlight emerging issues and areas for ongoing attention by entities entrusted with protecting personal information.
Key findings for the July to December 2019 reporting period:
- 537 breaches were notified under the scheme, up from 460 in the previous six months
- Malicious or criminal attacks (including cyber incidents) remain the leading cause of data breaches, accounting for 64 per cent of all notifications
- Data breaches resulting from human error account for 32 per cent of all breaches, down from 34 per cent in the last reporting period
- The health sector is again the highest reporting sector, notifying 22 per cent of all breaches
- Human error caused 43 per cent of data breaches in the health sector, compared to an average of 32 per cent across all notifications
- Finance is the second highest reporting sector, notifying 14 per cent of all breaches
- Most data breaches affected fewer than 100 individuals, in line with previous reporting periods
- Contact information remains the most common type of personal information involved in a data breach.
Read the full report from the Office of the Australian Information Commissioner here: OAIC Notifiable Data Breach Report
Read about how Xari Group can help protect you against a data breach here: IT Security for Your Business