The Office of the Australian Information Commissioner (OAIC) has recently released its quarterly report on data breach notifications. This report relates to the Notifiable Data Breaches (NDB) scheme, which came into force on 22 February 2018. The NDB scheme applies to entities with existing obligations to secure information under the Privacy Act 1988.

The OAIC received 63 data breach notifications in the first six weeks of the scheme’s operation. In the 2016–17 financial year, the OAIC received 114 data breach notifications on a voluntary basis.

Number of Breaches Reported

Key statistics from the first quarterly report

Findings from the first quarter of 2018 show that the largest proportion of breaches was from health service providers, at 24%. Health service providers include any organisation that provides a health service and holds health information. The second largest proportion was from the legal, accounting and management services sector, at 16%. This was followed by the finance sector (13%), private education sector (10%), and charities (6%).

What Kind of Personal Information Was Breached?

78% of reported data breaches involved individuals' contact information, while 33% involved health information and 30% involved financial details.

Table: Kinds of personal information by % of NDBs received. Rows: Contact information; Financial details; Health information; Identity information; Other sensitive information; Tax File Number (TFN).

What Were the Main Causes of the Breaches?

51% of the eligible data breach notifications received indicated that the cause of the breach was human error. 44% of breaches were reported to be the result of malicious or criminal attack, and 3% the result of system faults.

Source of Breaches


By Amy at 14 Aug 2018, 10:22 AM