Between the scheme’s inception in February and December 2018, 812 data breaches were reported to Australia’s privacy watchdog under the Notifiable Data Breaches (NDB) rules.
Angelene Falk, Australian Information Commissioner and Privacy Commissioner, said the growing number of data breaches reported to the office is consistent with trends experienced by those overseas and indicates agencies are complying with their notification obligations.
She said, “Individuals are now receiving notices so they can take action to reduce their risk of harm, which also shows the scheme is working as intended.”
Under the scheme, Australian government agencies and organisations must carry out an assessment whenever they suspect that there may have been loss of, unauthorised access to or unauthorised disclosure of personal information that they hold.
Under the NDB scheme, if serious harm is likely to result, they must notify affected individuals so they can take action to address the possible consequences, such as changing passwords and checking their credit record.
They must also notify the Office of the Australian Information Commissioner (OAIC).
Falk said this scheme has increased awareness and action on personal information security.
She said, “The first anniversary of the scheme is an opportunity for regulated entities to reflect on the causes of breaches that put personal data at risk and how they are managing their privacy obligations.
“Most of the data breaches reported to us over the past year involved a human factor, like sending information to the wrong person or someone’s login credentials being compromised through phishing or other means and used in a cyber attack.
“We expect organisations and agencies to act on the risks highlighted by these reports ― whether or not they were directly affected ― and take steps to prevent a similar breach of Australians’ personal data.”
Between October 1 and December 31, 2018, there were 232 notifications for data breaches. Sixty-four per cent were malicious attacks and 33 per cent were human error.
This has been the largest number of attacks in a quarter since the beginning of the NDB, with the previous quarter only showing 245 data breaches reported.
From the data, 60 per cent of breaches involved the personal information of 100 individuals or fewer.
Breaches impacting between one and ten individuals comprised 41 per cent of the notifications.
The introduction of the scheme reflected the increasing global focus on data protection, according to Falk, which included the European Union establishing GDPR.