Oz privacy comish says breaches could double this year
Australian outfits have already 'fessed up to sixty breaches since March 2014
The office of Australia's Federal Privacy Commissioner has received 60 voluntary data breach notifications in the six months since 12 March compared to 71 received in the 2014 financial year.
The statistics, provided to Vulture South and repeated at the Australian Information Security Association conference, include all manner of consumer and staff privacy exposures, including hacking breaches and lost storage devices.
The data shows about 30 breaches have been noted since June 30.
"Our office has been very busy over the last few months with data breaches voluntarily reported to us and some discovered by the department", Commissioner Timothy Pilgrim told delegates at the conference last Friday.
"In one instance we found out about a breach that happened three years ago and this is simply not acceptable and was clearly not going to be looked upon favourably by our office."
Organisations whose breaches were reported by whistle blowers or more often the media could "pretty much rely on a full investigation being opened which may become a public process", Pilgrim told El Reg.
The soon-to-be-shuttered Office of the Australian Information Commissioner (OAIC) processed all of the reported breaches since most did not require in-depth investigation. The absence of further scrutiny is a reflection of the affected organisations being found to have taken "reasonable steps" to secure private information before or after the event. Individuals impacted by the breaches had also been notified.
Last year the OAIC received 4239 privacy complaints, a whopping 183 percent up on the previous 12 months. Its inquiry line fielded 11,000 calls and 2500 frustrated letters, up 30 percent. Most of these were from individuals.
Pilgrim took the opportunity to tout the benefits of a mandatory data breach law, the mean sister of Australia's reformed Privacy Act which would compel organisations to report breaches and bolster security rather than purchase brooms and rugs.
"I've always personally been in favour of a mandatory data breach notification system, as I believe it helps individuals to manage the risk to them in cases where their personal information has been compromised.
"Data breaches unfortunately appear to be an inevitable part of business in the information age and a data breach notification law could help businesses deal with this risk and respond to this breach."
Pilgrim said strong security was a good competitive market differentiator. ®