May 27, 2020

May 26, 2020


Over Half of Notifiable Data Breaches Caused by Human Error

Following on from Friday’s blog, we have looked at a particular aspect of the Office of the Australian Information Commissioner’s Notifiable Data Breaches Scheme quarterly report in more detail.

Interestingly, the report revealed that just over half of the data breaches notified to the OAIC were caused by human error (for example, by incorrectly addressing an email). This suggests to us that organisations have an opportunity to mitigate the risk of a data breach occurring and, in turn, reduce the need to notify data breaches to the OAIC. While some cyber risks are outside of our control, human error is not.

Organisations can reduce the risk of suffering a data breach by having processes in place to mitigate the risk of human error and inadvertent disclosures occurring. This may include technology solutions, addressing cyber risk as part of an organisation’s enterprise risk management, regularly conducting privacy training with all staff and undertaking privacy impact assessments for high-risk projects.

Copyright 2020 K & L Gates


About this Author

Warwick Andersen Technology Lawyer KL Gates

Mr. Andersen is a senior corporate lawyer with a focus on commercial, technology and sourcing projects. He has advised on large scale outsourcing projects, technology agreements for both vendors and customers, corporate support, privacy and telecommunications regulatory work. He has acted for government departments, large listed companies, telecommunications companies and technology suppliers.

Rob Pulham Corporate Attorney K&L Gates
Special Counsel

Rob Pulham is an experienced corporate advisory and transactional lawyer with an active technology and privacy practice representing companies in the energy, manufacturing, mining, retail, health and financial services sectors, as well as government and not for profit organisations. He has extensive experience advising customers and vendors in the technology industry, with particular focus on software licensing, data privacy and protection, and systems integration projects. In his role as a senior corporate lawyer, Mr. Pulham reviews organisational policies and practices regarding data privacy to identify key risks, develops and implements strategies to mitigate privacy and cybersecurity risks, and advises clients in the investigation of, and response to, data breaches.

Mr. Pulham also serves as a strategic advisor to his clients, regularly advising on large outsourcing and technology procurement matters including negotiating software licensing terms with ERP and CRM vendors such as Oracle, SAP and Salesforce, and on major systems integration transactions. He advises his clients on all facets of their technology practices, procurement and needs, including key technology procurement requirements and licensing issues (acting for both customer and service provider clients), marketing and advertising in compliance with Australian competition and consumer laws, website content and terms of use, and general commercial intellectual property and software licensing matters.

Keely O'Dowd, K&L Gates, attorney, Melbourne

Ms. O'Dowd is an experienced lawyer with a focus on technology and sourcing projects. She advises on a broad range of technology transactions, including procurement, outsourcing and software licensing. This work includes drafting and advising on a range of IT procurement and supply agreements. Ms. O'Dowd advises a range of corporations on privacy and cybersecurity.