Data breach disclosure notices reach a three-year peak, according to OAIC
The Office of the Australian Information Commissioner (OAIC) has reported a significant rise in data breaches in the first half of 2024, with 527 breaches notified, representing a 9% increase from the second half of 2023. This marks the highest number of data breach notifications since the July to December 2020 period.
Australian Privacy Commissioner Carly Kind has expressed concern over the high number of data breaches, stating that they pose significant threats to Australians' privacy. The commissioner believes that the increase in breaches indicates vulnerabilities in both the private and public sectors.
The sectors that reported the most data breaches were primarily healthcare, finance, and government. The health and Australian Government sectors accounted for 19% and 12% of all breaches respectively. Malicious and criminal attacks were the main source of data breaches, accounting for 67% of all incidents.
Commissioner Kind has emphasised the OAIC's high expectations of organisations, six years after the launch of the Notifiable Data Breaches scheme. The commissioner has called for all Australian organisations to build the highest levels of security into their operations to protect personal information.
In response to the growing concerns, the Australian Government has introduced the Privacy and Other Legislation Amendment Bill 2024. This Bill aims to strengthen the OAIC's enforcement toolkit by providing an enhanced civil penalty regime and infringement notice powers for the commission. The Bill also provides important clarification to the scope of existing security obligations by amending Australian Privacy Principle 11.
The amended Australian Privacy Principle 11 requires organisations to implement technical and organisational measures to address information security risks. The OAIC welcomes the measures contained in the Bill as an important step in strengthening Australia's privacy framework.
The OAIC will continue to take a proportionate approach to enforcement and provide guidance to help organisations comply with their obligations. However, the commissioner has stated that the OAIC's recent enforcement action against Medibank and Australian Clinical Labs should send a strong message about data security and compliance with the scheme.
The increase in data breaches has put Australians at risk of serious harm, including an increase in scams, identity theft, emotional distress, and physical harm. Approximately 12.9 million Australians were affected by a data breach in the reported period, the largest number since the Notifiable Data Breaches scheme came into effect.
Further reform consistent with the Australian Government's response to the Privacy Act Review is still required to improve security across the economy and enhance the Notifiable Data Breaches scheme. The commissioner has expressed a desire for these reforms to ensure that all organisations in Australia are held to the highest standards of data security.