Timely introduction of the Notifiable Data Breaches Scheme

The Notifiable Data Breaches scheme (Scheme) under the Privacy Act 1988 (Privacy Act) came into force on 22 February 2018.

The Scheme applies to certain organisations and agencies with existing obligations to protect personal information under the Privacy Act. These entities are required to notify the Office of the Australian Information Commissioner (OAIC) and affected individuals of eligible data breaches, being breaches that are likely to result in serious harm.

The OAIC has released the first quarterly report on the scheme, which provides a snapshot of data breach notifications received by the OAIC from Australian entities.

For more information about how the scheme operates, see our previous posts on the scheme:

  1. Incoming! Notifiable Data Breach scheme is about to land
  2. Explaining Australia’s Mandatory Data Breach Notification Laws
  3. Consultation open for draft Notifiable Data Breaches Scheme resources

Key statistics

The total number of data breaches reported to the OAIC under the scheme was 63. The largest proportion was from health service providers (24 per cent). The personal information that was predominantly involved in a breach was contact information, such as an individual’s name, email address or phone number (78 per cent). This was followed by health information (33 per cent), financial details such as bank account numbers (30 per cent), then identity information, such as a passport number (24 per cent).

Malicious or criminal attacks and human error, such as sending a document to the incorrect recipient, were the two largest causes of eligible data breaches (28 per cent and 32 per cent respectively). The OAIC was notified that 59 per cent of data breaches involved between one and nine individuals’ personal information and 73 per cent involved under 100 individuals’ personal information.

Takeaway

The report is a timely reminder of the need to be vigilant when handling personal information, especially as human error was the reason for the majority of eligible data breaches. You should check the address of a recipient before sending personal information to ensure it is being sent to the correct individual. A proper assessment of a breach is important to determine whether notification is required, as compliance with the scheme is mandatory. The next quarterly report will provide further insights and a more complete picture of the scheme, as this report only outlines statistics for part of the quarter.

View the full report.

Author
Georgia Adams | Graduate Lawyer
T +61 3 9258 3336
E georgia.adams@maddocks.com.au
