16 August 2018 – The Notifiable Data Breaches Quarterly Statistics June Report shows that almost 60 percent of data breaches are the result of malicious or criminal attacks, with breaches being reported particularly in the health and finance sectors.
The second quarterly statistical report on data breach notifications received under the Notifiable Data Breaches (NDB) scheme showed 242 notifications, according to the Office of the Australian Information Commissioner (OAIC).[i]
Under the scheme, entities have data breach notification obligations when a breach is likely to result in serious harm to any individuals whose personal information is involved.
A growing number of notifications under the Notifiable Data Breaches scheme, particularly in the health and finance sectors, have made customers aware of instances where a breach of personal information has occurred.
The report shows that the main causes of data breaches are malicious or criminal attacks (142 notifications or 59 per cent), followed by human error (88 notifications or 36 per cent).
The regular quarterly reporting of breaches, and the fact that the OAIC has noted that it will consider appropriate regulatory action in cases of non-compliance, is likely to focus the attention of businesses on information security, according to Shred-it Australia’s Country Manager, Tom Bell.
The sectors which reported the most breaches for the period were the private health sector, with 49 notifications in the quarter, followed by the finance sector with 36 notifications. The focus on these sectors is of particular interest in light of the findings of the recent 2018 Shred-it Security Tracker report.
“Our research found that the vast majority of Australians feel that data protection is very important when making decisions about choosing service providers in banking (93 percent) and health service providers (84 percent),” said Mr Bell.
“The Security Tracker report demonstrates that consumers have very high expectations of their service providers and trust them to protect their personal data, so the fact that reports of breaches are so numerous is worrying.”
The Security Tracker research also shows an apparent mismatch between consumer awareness surrounding information security and the service providers who manage that information. Across all respondents to the survey, only 50 percent of businesses indicated that they have a strong understanding of the legal requirements and ramifications surrounding confidential information storage and disposal.
The risks of the types of data breaches being reported under the NDB can be greatly reduced by businesses ensuring that they not only have in place strict information security policies, but that they also educate their workforce and ensure that employees have access to the appropriate tools and protocols to implement the policy.
“Organisations need to fully address areas of risk that could make them vulnerable to a significantly damaging data breach, including using secure destruction of paper-based information and old electronic devices,” said Mr Bell.
For more information:
Sauce Communications (for Shred-it)
T: 0427 006 404
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our customers' private information. A wholly-owned subsidiary of the US-based business-to-business services company Stericycle, Shred-it operates in 170 markets throughout 18 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit www.shredit.com.au
[i] Notifiable Data Breaches Quarterly Statistics Report: 1 April – 30 June 2018, OAIC