On 31 July 2018 the Office of the Australian Information Commissioner (OAIC) released the second Notifiable Data Breaches Quarterly Statistics Report, recording 242 breach notifications. The first report, issued in April, covered a partial quarter, as the new laws only came into effect on 22 February 2018, and recorded 65 notifications.

However, beyond the increase in total volume, there has in fact been a month-on-month increase in the number of breaches, with June reaching 90 notified breaches as opposed to 55 in the first full month of the Notifiable Data Breaches Scheme.

For those interested in how their industry ranks among the sectors reporting breaches, the top five industry sectors are identified as:

  • health
  • finance
  • legal, accounting and management services
  • education
  • business and professional associations.

It is also interesting that the sources of the breaches within the various industries in the category of malicious or criminal attacks are broken down into: cyber incidents, rogue employees, social engineering and theft.

Breaches are also broken down by the various sources of human error. Unsurprisingly, these include significant numbers of mail items sent to the wrong recipient, emails sent to the wrong recipient, loss of paperwork or storage devices, and unintended release.

It is clear that, as well as investing in cyber security measures, Australian businesses need to continue to invest heavily in training as a deterrent to human error.

Holding Redlich’s privacy and cyber professionals can assist businesses both in proactively seeking to avoid breaches and in the event of a breach, including where that breach is notifiable not only under Australian law but also under the European General Data Protection Regulation.