Australia: OAIC publishes notifiable data breaches report covering July to December 2022

The Office of the Australian Information Commissioner ('OAIC') issued, on 1 March 2023, a press release on cybersecurity incidents and data breach risks and published, on the same date, its notifiable data breaches report covering July to December 2022. In particular, the Australian Information and Privacy Commissioner, Angelene Falk, stated that cybersecurity incidents were the cause of the majority of large-scale data breaches witnessed in Australia in the past year. In this regard, Falk noted that, "Organisations should take appropriate and proactive steps to protect against and respond to a range of cyber threats" and that this starts with organisations "collecting the minimum amount of personal information required and deleting it when it is no longer needed". Furthermore, Falk warned organisations to remain vigilant in the face of large-scale compromises of personal information since these may lead to further attacks. Notably, Falk highlighted that the OAIC welcomes "further proposals to strengthen the Notifiable Data Breaches scheme in the Attorney-General's Department's Privacy Act review report".

Moreover, the report notes a 26% increase in data breach notifications compared to the January to June reporting period of the same year, and highlights that the sectors that notified the most data breaches were health service providers, finance, insurance, legal, accounting, management services, and recruitment agencies. Additionally, the report identifies:

  • a 41% increase in data breaches resulting from malicious or criminal attacks, amounting to 70% of all notifications;
  • that human error was the cause of 25% of all notifications, down 5% in number from the previous reporting period;
  • that the health sector reported the most breaches, followed by the finance sector;
  • that contact information remains the most common type of personal information to be involved in breaches;
  • that the majority of breaches affected 5,000 individuals or fewer; and
  • that 71% of entities notified the OAIC within 30 days of becoming aware of an incident.

You can read the press release here and the report here.