May 25, 2020

242 Data Breaches Reported in Second Quarter of Notifiable Data Breach Regime

The Office of the Australian Information Commissioner (OAIC) has released its second quarterly report of notifiable data breaches. This report is of particular significance because, unlike the first “quarterly” report, it covers a full quarter and therefore gives a more accurate account of data breaches over a calendar quarter.

The report revealed that OAIC received 242 notifications of data breaches, up from 63 in the first quarterly report. Of note, this quarterly figure is more than double the entire number of notifications for the 2016-17 financial year, when notification of data breaches was voluntary.

Some interesting figures from the OAIC’s report are as follows:

  • 20% of notifications were from health service providers, 15% were from the finance sector, and 8% were from the legal, accounting and management services sector;
  • 89% of data breaches involved individuals’ contact details, 49% involved financial details, 39% involved identity details, 25% involved health details, 19% involved tax file numbers, and 7% involved other types of personal information;
  • 59% of data breaches were due to malicious or criminal attack, with 36% due to human error, and 5% due to system faults.

Of the 242 data breaches, 51 affected only one individual – but 6 affected more than 10,000 individuals.

Copyright 2020 K & L Gates


About this Author

Warwick Andersen Technology Lawyer KL Gates
Attorney

Mr. Andersen is a senior corporate lawyer with a focus on commercial, technology and sourcing projects. He has advised on large scale outsourcing projects, technology agreements for both vendors and customers, corporate support, privacy and telecommunications regulatory work. He has acted for government departments, large listed companies, telecommunications companies and technology suppliers.

+61-2-9513-2508

Rob Pulham Corporate Attorney K&L Gates
Special Counsel

Rob Pulham is an experienced corporate advisory and transactional lawyer with an active technology and privacy practice representing companies in the energy, manufacturing, mining, retail, health and financial services sectors, as well as government and not for profit organisations. He has extensive experience advising customers and vendors in the technology industry, with particular focus on software licensing, data privacy and protection, and systems integration projects. In his role as a senior corporate lawyer, Mr. Pulham reviews organisational policies and practices regarding data privacy to identify key risks, develops and implements strategies to mitigate privacy and cybersecurity risks, and advises clients in the investigation of, and response to, data breaches.

Mr. Pulham also serves as a strategic advisor to his clients, regularly advising on large outsourcing and technology procurement matters including negotiating software licensing terms with ERP and CRM vendors such as Oracle, SAP and Salesforce, and on major systems integration transactions. He advises his clients on all facets of their technology practices, procurement and needs, including key technology procurement requirements and licensing issues (acting for both customer and service provider clients), marketing and advertising in compliance with Australian competition and consumer laws, website content and terms of use, and general commercial intellectual property and software licensing matters.

61-3-9640-4414