OAIC Notifiable Data Breaches Report: July–December 2020
The Office of the Australian Information Commissioner (OAIC) periodically publishes statistical information about notifications received under the Notifiable Data Breaches (NDB) scheme to assist entities and the public to understand the operation of the scheme. The agencies latest report captures notifications made under the NDB scheme for the period from 1 July to 31 December 2020.
Key findings for the July to December 2020 reporting period:
- 539 breaches were notified under the scheme, an increase of 5% from the 512 notifications received from January to June 2020.
- Malicious or criminal attacks (including cyber incidents) remain the leading source of data breaches, accounting for 58% of notifications.
- Data breaches resulting from human error accounted for 38% of notifications, up 18% from 173 notifications to 204.
- The health sector remains the highest reporting industry sector, notifying 23% of all breaches, followed by finance, which notified 15% of all breaches.
- 68% of data breaches affected 100 individuals or fewer.
- 78% of entities notified the OAIC within 30 days of becoming aware of an incident that was subsequently assessed to be an eligible data breach.
Comparisons are to the period from 1 January to 30 June 2020.
The OAIC received 539 notifications this reporting period. This is a 5% increase compared to the previous 6 months and a 2% increase compared to the same period in 2019.
There was significant variation in the number of notifications received each month of the reporting period. The OAIC received 62 notifications in November – the second lowest monthly total since the NDB scheme commenced in February 2018 – but more than 100 notifications in July, August and September.
This reporting period saw continuation of the trend towards a greater proportion of data breaches attributed to human error. Data breaches resulting from human error accounted for 38% of all notifications, compared to 34% the previous 6 months and 32% in the same period in 2019.
Further detail and information relating to this quarterly report can be found at https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-statistics/notifiable-data-breaches-report-july-december-2020/
Contact us to learn more about our client and business-specific cyber and information security solutions, and how we can assist you with being compliant with the requirements within the Privacy Act.