Australian Regulatory Trends 2019

Privacy and data protection

WHAT ARE THE EMERGING ISSUES?

–– Notifiable Data Breaches
–– Consumer Data Right
–– Higher penalties
–– Data surveillance

The OAIC has released its 12-month Insights Report into the frequency, targets and common failings of data breaches since the NDB Scheme was introduced. In summary, between 1 April 2018 and 31 March 2019:

–– over 964 notifications were made to the OAIC, including more than 100 breaches each affecting more than 1,000 people and 10 each affecting more than 100,000 people;
–– notifications have increased by 712% since the introduction of the NDB Scheme;
–– contact and financial details were the most commonly affected kinds of information;
–– health service providers were the top reporting sector, followed by finance, and then legal, accounting and management services; and
–– malicious cyberattacks and human error were the two most commonly attributed sources of data breaches (together making up 95% of all reported data breaches), with phishing attempts that compromise credentials being the most successful tactic employed by malicious third parties.

Despite the substantial data collected and published by the OAIC since the NDB Scheme commenced, no enforcement action has yet been taken against any Australian business for failing to comply with the NDB Scheme.

NOTIFIABLE DATA BREACHES SCHEME – ONE YEAR ON

The Notifiable Data Breach (NDB) Scheme came into effect in February 2018. Where an organisation identifies unauthorised access to, disclosure of, or loss of personal information that is likely to result in serious harm to an individual, this is deemed an ‘eligible data breach’ under the Privacy Act 1988 (Cth) (Privacy Act). Eligible data breaches must be notified to the Office of the Australian Information Commissioner (OAIC) and to affected individuals. Failure to notify an eligible data breach may result in fines of up to AUD 2.1 million. As a result, entities with annual turnover of AUD 3 million or more (the threshold for the NDB Scheme) have been required to meet higher compliance obligations over the past 12-18 months while still combating the rise in evolving cyber threats.
