Human error flagged for data breaches
Human error accounted for 35 per cent of data breaches in Australia since mandatory reporting began last year, according to a report.
In its first 12-month insight report since mandatory data breach notifications began on 1 April last year, the Office of the Australian Information Commissioner found that across all sectors, human error resulted in 340 notifiable data breaches out of a total of 964 notifications.
The type of error that prompted the most notifications? Sending private information to the wrong recipient via email, with 97 data breaches recorded in the report.
Unauthorised disclosure was up next, with 62 breaches recorded over the year-long period, while the loss of paperwork or a data storage device was the reason given in 46 instances of notification, according to the statistics provided.
On 42 occasions, private information was sent to the wrong recipient via mail, and a further 24 persons failed to correctly use the BCC function when sending an email.
Further, the sending of private information to the wrong recipient via fax, insecure information disposal, and unauthorised disclosure of information verbally also resulted in a number of notifiable data breaches.
According to the report, “the predominance of human factors in data breaches emphasises the importance of education and training for all employees who handle personal information”.
The report recommended implementing “valuable practices” and technological solutions such as multifactor authentication or system requirements that force users to choose a strong password and change it regularly.
Lawyers Weekly has compiled a number of best practice tips for prevention and management of data breaches, as released by the Office of the Australian Information Commissioner.