The most recent report covers the period July 2020 to December 2020 and shows some interesting trends. Compared with January – June 2020, the current report (available here) shows only a small (5%) overall increase in the number of notifiable data breaches. However, consistent with previous reports, the percentage of notifiable data breaches attributable to human error has again risen, this time up 18% to amount to 38% of all notifiable data breaches.
Interestingly, in November 2020, the OAIC received only 62 notifications, compared with over 100 notifications for each of July, August and September.
In terms of the sectors most affected, the Health sector continues to lead the way with the highest number of NDBs, with the Australian Government also making it into the top 5 for the first time since the scheme began in February 2018. The number of notifiable data breaches per sector was:
- Health service providers - 123
- Finance (incl. superannuation) - 80
- Education - 40
- Legal, accounting & management services - 38
- Australian Government - 33
In a year like no other, the OAIC closely monitored trends in notifications which may have arisen from remote working arrangements implemented in light of the COVID-19 pandemic.
The OAIC states: "it is noteworthy that there has only been a modest increase of 5% in the total number of notifications compared to the previous reporting period. However, it is also notable that data breaches resulting from human error have significantly increased, both in terms of the total number received – up 18% – and proportionally – up from 34% to 38% of all notifications. While it is possible that this increase is linked to changed business and information handling practices resulting from remote working arrangements, the OAIC is yet to identify any information or incidents that conclusively prove a link."
Of the NDBs attributable to human error, by far the largest cause is personal information being sent to the wrong participant via email.