In this privacyespresso, our Australian expert, Kelly Dickson from the law firm Macpherson Kelley, provides us with an update on the latest data breach report from the Office of the Australian Information Commissioner (OAIC).
According to Kelly, this report shows some worrisome details, such as:
· That 41% of cases reported were cybersecurity incidents (like ransomware attacks or phishing) aimed at accessing personal data.
· That there is an increase in large-scale breaches such as Optus and Medibank.
· That only 70% of the notifications came within 30 days, which is a lower number than in previous years.
Out of this, Kelly’s main takeaway is the need for companies to have data handling practices in place, and specifically, a data breach reporting mechanism. In this way, when a breach occurs, there is a clear plan to put into action, which prevents people from having to make hard decisions while in a panic.
In addition, Kelly notices a need for higher awareness of data retention and data minimisation. Too often, Australian companies keep unnecessary data or store it for longer than needed (exposing their clients to unnecessary risks).
Finally, Kelly warns about the pending legislation before parliament, which is going to increase privacy-related fines very significantly. This legislation is expected to go public soon, and companies should already be improving their practices in order to avoid the risk of such sanctions.
Interested in what you are reading? Listen to this privacyespresso to learn more!