The Office of the Australian Information Commissioner (OAIC) has released its Notifiable Data Breaches (NDB) Report for January to June 2020.
Malicious or criminal attacks remain the leading cause of data breaches involving personal information in Australia. Commissioner Angelene Falk said, 'this trend has significant implications for how organisations respond to suspected data breaches — particularly when systems may be inaccessible due to these attacks. It highlights the need for organisations to have a clear understanding of how and where personal information is stored on their network, and to consider additional measures such as network segmentation, robust access controls and encryption.'
In other findings:
- Health service providers continued to be the top reporting sector (115 notifications), followed by the finance and education sectors, with the insurance industry making the top 5 sectors for the first time.
- The number of notifications resulting from social engineering or impersonation has increased by 47%.
- Actions taken by a rogue employee or insider threat accounted for 25 notifications, and theft of paperwork or storage devices resulted in 24 notifications.
- Human error accounted for 34% of data breaches. As Commissioner Falk stated, 'it reinforces the need for organisations and agencies to take reasonable steps to prevent human error breaches, including training for staff who handle personal information.'
The Commissioner has also reminded organisations that they must continue to assess and address any privacy impacts of changed business practices, both during their response to the COVID-19 outbreak and through the recovery.