The Notifiable Data Breach (NDB) scheme went into effect on Feb 22, 2018 and is intended to strengthen the protection of the personal data of all individuals within Australia. It introduced an obligation for organisations to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm.
Make sure your organisation doesn’t overlook common vulnerabilities, and use the right tools to achieve compliance. A data breach can harm not only the individuals whose data you have been entrusted with, but your organisation as well.
The first results of the NDB scheme
Since the NDB came into force, the OAIC has published quarterly reports on the notifications it has received. The first such report covered only the few weeks following the introduction of the NDB; the second, released at the end of July, was the first to cover a full quarter.
The OAIC reported receiving 242 breach notifications, 59% of which were caused by malicious or criminal attacks, 36% by human error and 5% by system faults. Health was by far the most affected industry, totalling 49% of the breaches, followed by finance with 36%, legal, accounting and management services with 20%, education with 19% and business and professional associations with 15%.
Most of the malicious or criminal breaches reported resulted from compromised credentials, while the most common human error was sending emails containing sensitive personal information to the wrong recipient. While cyber incidents were the most frequent cause, theft of paperwork or storage devices was also a notable source of breaches. Some of these issues can be addressed through staff training; Data Loss Prevention and encryption solutions are also reliable controls against human error and lost or stolen devices.
Detection and monitoring of breaches
In order to report data breaches, you first need to be able to detect and monitor them. Start by asking the following qualifying questions:
- Do you have tools and processes to detect the three types of breaches (unauthorised access, unauthorised disclosure and data loss)?
- Do you have continuous monitoring in place? Is your managed data protection in-house or outsourced?
- Does your organisation need assistance detecting and monitoring breaches?