June 2, 2023

Volume XIII, Number 153



You've Got Mail...and Lots of it According to the Latest OAIC Report!

With email being one of the most common forms of communication, it’s not surprising that inboxes these days accumulate thousands of emails that, perhaps, aren’t always electronically filed or deleted (not ours of course).

As the Office of the Australian Information Commissioner (OAIC) has indicated in its most recent report on notifications received under the Notifiable Data Breach (NDB) scheme, email accounts are frequently being used for storage, and this raises inherent risk. Yes, it’s convenient, but using email to send personal information, such as copies of passports, bank account details and credit card information, can very quickly lose its appeal. If the email account is accessed by a malicious actor through a phishing attack or a rogue employee, the end result can be exploitation of that information for criminal gain.

If your organisation insists on receiving or sending information by email, there are ways to reduce the risks, such as:

  • regularly deleting emails that contain personal or sensitive information once it is no longer needed;

  • automatically archiving emails;

  • automatically deleting emails from deleted items; and

  • password protecting or encrypting documents that contain sensitive information sent by email.

In addition to the above, other important takeaways from the report include:

  • the 537 breach notifications from July to December 2019 show a 19% increase in the number of data breaches reported compared to the first half of 2019;

  • the OAIC is happy to require that organisations reissue notifications if it is not satisfied that enough information or practical advice has been provided to the individuals;

  • malicious and criminal attacks are still the majority of NDBs reported at 64%; and

  • the number of NDBs due to human error is still very high at 32%. These are avoidable errors caused by humans, such as sending an email to the wrong person.

These statistics coincide with the trends we are seeing in our clients needing help. They are a reminder to ensure staff are given privacy awareness training and to implement an NDB plan so that, in the event of a data breach, you are prepared.

Copyright 2023 K & L Gates

National Law Review, Volume X, Number 63

About this Author

Cameron Abbott

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurement issues, including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market-leading solutions are implemented into their businesses. He concentrates on managing and negotiating complex technology solutions, which...

Senior Attorney

Ms. Aggromito is a senior lawyer in the Melbourne commercial technology and sourcing team focusing on IT, privacy and data protection.