Over 180 business leaders from some of Australia’s largest organisations have met with the Australian Privacy Commissioner Timothy Pilgrim to discuss how to prevent data breaches and how to respond to one, if or when it occurs.

“The Office of the Australian Information Commissioner (OAIC) was notified of 56 data breaches in the last financial year, equivalent to a data breach a week. This is up from 44 in the previous year, an increase of 27 per cent,” Mr Pilgrim said.

Data breaches can occur in a multitude of ways, ranging from stolen laptops or portable storage devices to hacking or mistakenly providing information to the wrong person.

“Serious harm can befall people when the security of their personal information is compromised,” Mr Pilgrim said. “It is our view that whenever there is a real risk of serious harm, affected individuals should be notified.”

Data breach notification is not a mandatory obligation applying generally to government and business in Australia. However, there is increased pressure on the Government to introduce laws to make it a general legal requirement, as it is elsewhere — data breach notification is already a mandatory requirement in Europe, the UK and the United States.

“As legislative change is considered by the Government, the OAIC has updated a guide to assist agencies and organisations to respond to data breaches,” Australian Information Commissioner John McMillan said in launching the revised guidelines.

The guide, ‘Data breach notification: A guide to handling personal information security breaches’, outlines four steps to consider when responding to a breach or suspected breach. It also outlines preventative measures that should be taken as part of a comprehensive information security plan.