OAIC releases Notifiable Data Breaches Scheme 12-month insights report
By Jack Evans & and Stanley Yu• 15 May 2019 • 2 min read
The Office of the Australian Information Commissioner has released a report which provides interesting and helpful insights into the first year of the Notifiable Data Breaches Scheme.
Within the NDB Report, the OAIC:
- examines trends that have emerged under the NDB Scheme, including the common causes of data breaches;
- reflects on the purposes of the NDB Scheme;
- provides guidance on proactive steps that can be taken for better prevention of data breaches in the future; and
- outlines the OAIC’s expectations for the second year of operation of the NDB Scheme.
Some of the key statistics and trends identified in the NDB Report include:
- 964 eligible data breaches have been notified under the NDB Scheme from 1 April 2018 to 31 March 2019;
- there has been a 712 percent increase in notifications since the introduction of the NDB Scheme;
- in respect of cyber incidents, 153 breaches were attributed to phishing;
- health service providers are the top reporting sector; and
- in terms of the causes of data breaches:
- 60 percent of data breaches were malicious or criminal attacks;
- 35 percent of data breaches were attributed to human error; and
- the remaining 5 percent of data breaches were caused by system error.
Importantly, the OAIC indicates that as the NDB Scheme moves into its second year, the OAIC, amongst other things:
- expects entities to understand the underlying causes of data breaches and take proactive steps to prevent them from occurring;
- encourages entities to move beyond compliance to support consumers (such as supporting affected individuals to take steps to minimise or prevent harm in a meaningful way); and
- will ‘take a proportionate and evidence‑based regulatory approach in relation to the NDB scheme, including by exercising our enforcement powers where necessary’.
It’s not possible to cover all of the matters dealt with in the report within this post, so you may wish to take a look at the report for yourself.
Ask and you may receive - creditors’ rights to information and call meetings
By Sam Kingston & Mathew Gashi
When is an external administrator obliged to respond to requests from creditors to access information and call meetings?...
Year-end earnings surprises and continuous disclosure: COVID-19 impact
With the financial year end (or half year) looming for many companies and the impact of COVID-19 over the last few...
Government decision makers should think twice before jumping on the ban-wagon: lessons from the Brett Cattle class action
Judgement potentially lowers bar for those impacted by government decisions to claim an unlawful exercise of power
Time for a service? ACCC secures Court enforceable undertaking from Bob Jane
The ACCC continues to focus on upholding the Franchising Code of Conduct and protecting franchisees.