Data Breach: Where and how are data breaches really occurring?

    Author //

      No items found.

    By Peter Karcher, Partner and Jake Reid, Lawyer

    Six weeks after the commencement of the Notifiable Data Breaches (NDB) scheme, the Office of the Australian Information Commissioner (OAIC) published its first quarterly report on mandatory data breach notifications.Whilst the report must be viewed with some caution given the brevity of the reporting period, it does support previous findings that suggest that human error remains a major issue for businesses accountable for the protection and integrity of the personal information they hold.

    The OAIC received 63 data breach notifications during the reporting period, which ran from the commencement of the NDB scheme on 22 February 2018 until the end of March. Not surprisingly, health service providers were the leading industry sector that reported data breaches to the OAIC, accounting for just under a quarter (24%) of all notifications. Next came legal, accounting and management services (16%), demonstrating that professional services businesses need to be aware of and across the NDB scheme.

    The majority (78%) of data breaches notified to the OAIC were reported to involve individuals’ contact information, which includes data such as an individual’s name, email address, phone number and home address. A significant percentage of data breaches involved health information (33%) and financial details (30%).

    Over half (59%) of the data breach notifications reported that the personal information of between one and nine individuals was affected, whilst the vast majority (90%) related to breaches involving the personal information of less than 1,000 people.

    Perhaps of most interest for businesses is the source of data breaches for the quarter. Human error was reported to be the source for just over half (51%) of the notified data breaches, closely followed by malicious or criminal attacks (44%).

    Whilst any fears of malicious or criminal attacks are evidently not unfounded, mistakes and errors are, as expected, proving a more prevalent source of data breaches. Given the results of the report it may be prudent for businesses to focus their energies on considering what additional safeguards they can employ to reduce the risk of human error occurring. This may be as simple as having the functionality to recall emails sent to the wrong person before information is likely to be used or copied or having technology in place to remotely wipe data from a misplaced device. Considering the reputational damage and loss of customer goodwill that a data breach may cause for businesses, this is something that should be at the forefront of their thinking.

    Read the full OAIC report here.

    For more information, please contact Peter Karcher.

    ClarkeKann is a commercial law firm with offices in Brisbane and Sydney. Our expertise covers commercial & corporate transactions, employment & IR, financial services, litigation, risk management and insolvency, property transactions and resources projects, across a range of industries. For a full list of our legal services, please visit our website at To update your contact details or unsubscribe to any of our publications, email us at

    This bulletin is produced as general information in summary for clients and subscribers and should not be relied upon as a substitute for detailed legal advice or as a basis for formulating business or other decisions. ClarkeKann asserts copyright over the contents of this document. This bulletin is produced by ClarkeKann. It is intended to provide general information in summary form on legal topics, current at the time of publication. The contents do not constitute legal advice and should not be relied upon as such. Formal legal advice should be sought in particular matters. Liability limited by a scheme approved under professional standards legislation. Privacy Policy
    < Back to Articles


Our greatest asset is our talented and committed people – they enjoy what they do and value the opportunity to work together and with our clients. Our people are from diverse backgrounds and approach their work with intellectual rigour and enthusiasm. Find out more


ClarkeKann has received the Australia-Taiwan Business Excellence Award for our efforts promoting and advising on most of the major investments from Taiwan into Australia over the last 20 years. Click below for more details about Foreign InvestmentVIEW MORE


Click below to subscribe to our publications and to receive the latest news VIEW MORE