Human error is catching up with malicious attack when it comes to reported privacy breaches.
On the fourth anniversary of the Notifiable Data Breach (NDB) regime, the Office of the Australian Information and Privacy Commissioner (OAIC) is reminding regulated entities to continue to manage data fairly and securely.
OAIC Commissioner Angelene Falk said in an official statement, “Australians expect that their personal information will be handled with care when they choose to engage with a product or service and are more likely to entrust their data to organisations that have demonstrated effective privacy management.”
However, despite the program being in place for four years, the OAIC has identified that some organisations are falling short of expectations under the NDB regime.
The latest data shows that between July and December 2021, 11 per cent of organisations were not aware of the breach for over a year, which meant that affected consumers would not have been notified in the case of a breach that could cause serious harm.
For that period the OAIC received 464 data breach notifications, with the health and finance sectors being the top data breach reporters.
55 per cent of all breaches reported were attributed to malicious or criminal attacks, 41 per cent to human error and just 4 per cent were assessed as system faults.
While malicious attacks have fallen by just nine per cent since the last period, human error has risen by 43 per cent.
The report highlighted that the top causes of human error are personal information being emailed to the wrong address, an unintended release of a publication, or loss of paperwork or data storage.
Emailing to the wrong person or address accounts for 43 per cent of all human error breaches.
The OAIC said in a formal statement, “As the risk of serious harm to individuals often increases with time, the OAIC expects organisations to treat 30 days as a maximum time limit for an assessment of a data breach and to aim to complete the assessment in a much shorter timeframe.”
Falk continued that delays in assessment and notification would make it harder for individuals to protect themselves against further harm.
The Australian Information and Privacy Commissioner said, “The scheme is now mature, and we expect organisations to have accountability measures in place to ensure full compliance with its requirements.”
At the GRC 2021 Annual Conference, she told attendees that the OAIC will take a stronger enforcement approach against organisations who fail to meet their obligations under the NDB regime.