Trent: On February 22nd 2018, the Australian Government introduced Mandatory Data Breach Legislation which had a direct impact on a large number of Australian organisations. The changes, put in a very simple manner, meant that if you, or someone who falls under the umbrella of the outlined organisations, willingly or unwillingly transfers information of a personal nature about someone else to an unauthorised third party in a way that may result in serious harm, you have to alert that specific individual or individuals and also the Australian Information Commissioner. More recently, the Office of the Australian Information Commissioner released a report that illustrates what's been happening since its inception on Feb 22nd. The results are as follows.
The number of data breaches in February and March was 63. The top industry that reported data breaches was health service providers, with legal, accounting and management services coming in a close second.
The highest reported number for the type of information breached was contact information which includes an individual’s name, email address, home address or a phone number.
Now the most interesting thing about all of this information is where the actual source of the breach originated. In just over half of the reported cases the breaches came down to human error. Now in reality, what this could look like is someone accidentally sending an email to the wrong person, and that email has some personal information in it about someone else. The second highest source of breach came from malicious or criminal attacks. These usually involved theft of personal information or cybersecurity incidents resulting from unauthorised access to an individual's system.
Now after looking at all of those statistics, it leads me to two key takeaways. The first is that comprehensive staff training is paramount; staff need to be aware of what a breach means for them, your organisation and the people or person involved in the breach.
Another thing that your organisation needs to think about is combating human error through technology. You need to think of a real-world situation which could happen. Like, what would happen if you were to leave your phone unlocked on a train? What would happen if you unintentionally attached a confidential document to an email and sent it to someone you didn't mean to? It's a really interesting topic and it can get quite in-depth, so I'm going to dive into that a little deeper in the coming weeks. It's also vital that your organisation has strong security protocols to ensure that unauthorised access isn't given to anyone at any time.
Now adhering to this mandatory data breach legislation isn't just for the benefit of your customers and ensuring their information is safe and secure. It should also be noted that failing to notify or identify a breach such as what was spoken about earlier comes with substantial penalties to both an organisation and the individual as well. If you would like to discuss or receive any more information about mandatory data breach notification and legislation, just fill out your name in the pop-up screen that's going to come up next and I'll be in touch. Thanks for watching.