The OPC has released its privacy breach report - and there are quite a few breaches.
Human error is the leading cause of serious privacy breaches, according to a new report released today by the Office of the Privacy Commissioner (OPC).
“We are seeing clear patterns emerging since mandatory reporting of serious privacy breaches came into effect with the Privacy Act 2020 on 1 December last year,” says Privacy Commissioner John Edwards.
Since reporting of serious privacy breaches became a legal requirement, OPC has seen a nearly 300% increase in privacy breach reporting compared to the same 11-month period the year before.
Human error has been the leading cause of serious privacy breaches during this period (61 percent), with email error accounting for over a quarter of those breaches. Other types of human-error breaches reported were accidental disclosure of sensitive personal information, data entry errors, confidentiality breaches, redaction errors, and postal and courier errors.
“Organisations can easily prevent email and other human errors with the right training and procedures,” says Mr Edwards.
OPC’s new report Privacy Breach Reporting analyses the types of privacy breaches being reported and is driving the Office’s new compliance and enforcement activities.
“My Office has already issued a warning to an agency for having multiple privacy breaches caused by email error, and we are prepared to take further enforcement action if agencies repeatedly experience privacy breaches caused by email error.”
Mr Edwards emphasises that timely privacy breach notification is a mandatory obligation.
“In June this year, I made my expectations around the timeliness of privacy breach notification clear. A notifiable breach should be reported to my Office no later than 72 hours after an agency has become aware of it.”
Currently, fewer than half of all serious privacy breach notifications are being made within the expected timeframe.
Under the Privacy Act 2020, organisations or businesses that experience a privacy breach that has caused, or has the potential to cause, serious harm must report it to the Privacy Commissioner. They should do this by using OPC’s online NotifyUs reporting tool.

