
Human Error main cause behind first Data Breach notifications

The Office of the Australian Information Commissioner (OAIC) has released its first quarterly report after the Mandatory Breach Notification Scheme came into effect six weeks ago. So how did ‘we’ do?


Australian organisations have reported 63 data breaches since the notification rules became mandatory on February 22. Eight of those breach notifications were received in the first six days during February. March saw 55 breach notifications come through to the OAIC.

Health Service Providers were the biggest ‘offenders’ with 15 notifications. Other sectors included Legal, Accounting and Management Services (10), Finance (including Superannuation) (8), Education (6) and Charities (4).


64% of the personal information involved in breaches was Contact information, such as an individual’s name, email address, home address or phone number. Identity information such as a driver’s licence or passport number, which can be used to confirm an individual’s identity, was accessed in 24% of the cases.


Other breaches involved Health information, Financial details, TFN and ‘other’.

Just over half of the reported breaches were attributed to human error. Malicious or criminal actors are believed to be behind a further 44% of incidents, with 3% reported to be the result of system faults.


"This highlights the importance of implementing robust privacy governance alongside a high standard of security. The risk of a data breach can be greatly reduced by implementing practices such as Privacy Impact Assessments, Information Security Risk Assessments and training for any staff responsible for handling personal information," says OAIC’s acting Australian Information Commissioner and acting Privacy Commissioner, Angelene Falk.


Read the full report HERE