Australia: OAIC releases Notifiable Data Breaches Report for January to June 2020
The Office of the Australian Information Commissioner ('OAIC') released, on 31 July 2020, its Notifiable Data Breaches Report for 1 January 2020 to 30 June 2020 ('the Report'). In particular, the Report outlines that 518 breaches were notified to the OAIC, which is a 3% decrease compared to the previous six months, and that malicious or criminal attacks including cyber incidents were the leading cause of data breaches, accounting for 61% of all notifications, while data breaches resulting from human error accounted for 34% of all breaches. Furthermore, the Report notes that the health sector was the highest reporting sector, notifying 22% of all breaches, with the financial sector notifying 14% of all breaches. In addition, the Report highlights that most data breaches affected less than 100 individuals and that contact information remains the most common type of personal information involved in a data breach.
Finally, the OAIC outlined that notifications made under the My Health Records Act 2012 were not included in the Report as they are subject to specific notification requirements set out in the same.