It seems like every other day we see another media release about an organisation affected by a data breach, compromising the personal information of Australians.
The Office of the Australian Information Commissioner’s (OAIC) Notifiable Data Breaches Report: July to December 2022 shows that during this period, data breaches resulting from malicious or criminal attacks accounted for 70% of all notifications – a 41% increase from the previous six months.
So what can organisations do to prepare for and respond to data breaches?
What is a data breach?
A data breach occurs when personal information that an organisation holds is subject to unauthorised access or disclosure or is lost.
This can involve an employee mistakenly providing the personal information of an individual to the incorrect recipient, or a database containing the personal information of millions being ‘hacked’ or otherwise illegally accessed by individuals outside of the organisation.
Who is at risk of a data breach?
Small businesses, large organisations and government alike are all at risk. A data breach can affect anyone who has collected and stored the personal information of an individual.
How to manage a data breach
Whether the breach involves data relating to one or millions of individuals, the following steps should be taken promptly:
- Identify the breach and the personal information involved
- Contain the breach with appropriate actions
- Assess the breach, including whether there is a risk of serious harm to the affected individuals
- Mitigate the breach and consider who to involve in responding to the breach (for example, internal areas, or the OAIC and the affected individuals if the breach is an eligible data breach for the purposes of the Notifiable Data Breaches scheme)
- Review the breach and implement strategies to address weaknesses in data handling (for example, enhanced security or a Data Breach Response Plan).
If your organisation needs any assistance or advice with privacy matters, data breaches or preparing a data breach response plan, contact Griffin Legal.