Mandatory data breach notifications - the story so far

Privacy update


In a week where the Victorian State Government is enmeshed in its own privacy breach and the subsequent fallout, it is a timely reminder about the new mandatory data breach notification requirements, which have now been in effect for over six months.

The Office of the Australian Information Commissioner (OAIC) has released its second report about the notifications received so far. The data and patterns emerging are interesting and provide a timely warning.

In the first quarterly report issued by the OAIC, the figures were:

  • 63 notifications
  • 32 from human error
  • 28 from malicious or criminal attack
  • 2 from system faults.

The top five industry sectors affected were:

  • health services
  • legal, accounting and management
  • finance (including superannuation)
  • education
  • charities

In the second quarterly report issued by the OAIC, the latest figures are:

  • 36 notifications
  • 50% from human error
  • 47% from malicious or criminal attack
  • 3% from system faults.

The top five industry sectors are:

  • health services
  • finance
  • legal, accounting and management services
  • education
  • business/professional associations

The figures for human error and malicious or criminal attack are about even.

In the context of the My Health Record controversy, it seems that people's concerns are well founded. In both reports released so far, health services have topped the industry sectors for the most privacy breaches, and about half are attributed to human error.

Banks feature heavily within the finance sector, and legal and accounting services are also consistent contributors.

People are reminded to routinely change and update their passwords, and to ensure their antivirus and anti-malware software is up to date and as robust as it can be.

For business owners or service providers, governance procedures need to be constantly reviewed and updated. Regular training in proper processes, together with checks and balances, can be the only protection against human error.