The National Data Breach (NDB) reporting system has been in operation since February, and the Office of the Australian Information Commissioner (OAIC) has released its first quarterly report covering the new reporting regime. Unsurprisingly, the number of breaches reported is way up on previous periods, with human error a significant issue.
The first full month of reporting, March 2018, saw 55 breaches reported to the OAIC with eight breaches reported in February. None were reported in January, before the new NDB scheme came into play.
Of the 63 breaches reported in the first quarter of 2018, 15 came from healthcare providers, with legal and financial services reporting another 18 between them. Over half of all the breaches reported were the result of human error, with 28 of the breaches the result of malicious or criminal attacks.
While mega-breaches get a lot of attention, it's important to note that the vast majority of the breaches reported to the OAIC affected the data of fewer than 100 people, with 20 of the breaches affecting just one person.
It's still early days for the NDB scheme but it's good to see companies reporting issues. Importantly, this early data suggests a significant number of the breaches can be addressed by more focus on business processes and other safeguards that stop users from making mistakes, or by putting appropriate checks in place to ensure accidental disclosures of PII are avoided.
You can read the full report here.