
Mandatory Data Breach Legislation: The Results so far.

Trent: On February 22nd 2018, the Australian Government introduced Mandatory Data Breach Legislation, which had a direct impact on a large number of Australian organisations. The changes, put in a very simple manner, meant that if you, or someone that falls under the umbrella of the outlined organisations, willingly or unwillingly transfers information of a personal nature about someone else to an unauthorised third party that may result in serious harm, you have to alert that specific individual or individuals and also the Australian Information Commissioner.

More recently, the Office of the Australian Information Commissioner released a report that illustrates what's been happening since its inception on Feb 22nd. The results are as follows.

The number of data breaches in February and March was 63. The top industry that reported data breaches was health service providers, with legal, accounting and management services coming in a close second.

The highest reported number for the type of information breached was contact information which includes an individual’s name, email address, home address or a phone number.

Now the most interesting thing about all of this information is where the actual source of the breach originated. In just over half of the reported cases, the breaches came down to human error. Now in reality, what this could look like is someone accidentally sending an email to the wrong person, and that email has some personal information in it about someone else. The second highest source of breach came from malicious or criminal attacks. These usually involved theft of personal information or cybersecurity incidents resulting from unauthorised access to an individual's system.

Now, after looking at all of those statistics, it leads me to make two key takeaways. These are that comprehensive staff training is paramount; they need to be aware of what it means for them, your organisation and the people or person involved in the breach.

Another thing that your organisation needs to think about is combatting human error through technology. You need to think of a real-world situation which could happen. Like, what would happen if you were to leave your phone unlocked on a train? What would happen if you unintentionally attached a confidential document to an email and sent it to someone you didn't mean to? It's a really interesting topic and it can get quite in-depth. So I'm going to dive into that a little deeper in the coming weeks. It's also vital that your organisation has strong security protocols to ensure that unauthorised access isn't given to anyone at any time.

Now, adhering to this mandatory data breach legislation isn't just for the benefit of your customers and ensuring their information is safe and secure. It should also be noted that failing to notify or identify a breach, such as what was spoken about earlier, comes with substantial penalties to both an organisation and the individual as well. If you would like to discuss or receive any more information about mandatory data breach notification and legislation, just fill out your name in the pop-up screen that's going to come up next and I'll be in touch. Thanks for watching.
