In the 2023-24 financial year, Australia saw nearly 94,000 reports of cybercrime submitted to the Australian Cyber Security Centre. This was a 23% increase compared to the previous year. The Australian Signals Directorate (ASD) received over 36,700 calls to its Australian Cybersecurity Hotline, an increase of 12% from the previous financial year. The ASD also responded to over 1,100 cybersecurity incidents. These statistics highlight the continued threat to critical data networks.
Once personal information has been collected by an organisation, individuals have limited controls over their data and must rely on the organisation to maintain security controls on an ongoing basis. However, individuals can take steps to protect their own data, including:
- Using a pseudonym instead of real identity if the service you are using does not need to verify your identity. The Australian Privacy Principle (APP) 2 provides that individuals must have the option of dealing anonymously or by pseudonym with an APP entity unless it is not practical. APP2 gives individuals a right to refuse using their real name, or email addresses containing their real name, when signing up to memberships and regular updates. Individuals can minimise the impact of data loss by limiting the use of their personal information. Real identities will be required for certain services, such as when signing to a mobile plan, receiving medical services or applying for a loan or a credit card.
- Only disclose personal information to trusted organisations. Before disclosing personal information to an organisation, individuals are advised to check what security measures are in place at this organisation. Many organisations have a privacy policy and a security trust centre page, where details of their privacy and security controls are published.
- Understand what information is being collected. The answer may seem obvious sometimes when filling out a form asking for personal information. But for certain services, like downloading an app from the app store, it is often a grey area. You may need to do some research to confirm whether information such as location data and IP address will be collected by the app. Some apps even receive health information in the background without attracting much attention. It is important to know what information will be collected by the apps before granting access.
- Check if your personal information will be shared with third parties. Some organisations sell personal information to marketing and advertising agencies. This should be mentioned in the organisation’s privacy policy. You should not hand over any personal information without knowing where their information will end up.
If a cyber incident has occurred and data loss has been confirmed, you may need to replace compromised documents. Seeking support from IDCare (www.idcare.org) is a good place to start if you are a victim of cybercrime.
The privacy team at Griffin Legal can assist you in the event of a cybersecurity attack and help to minimise the impact of a cybersecurity incident. Please feel free to contact our privacy team for tailored advice.