Notifiable data breaches update - Australia

By Lisa Vanderwal, Sophie Dawson, Hamish Fraser


Bird & Bird has developed a resource to help assess whether a data breach is notifiable or not, which can be accessed here.  

The first quarterly report on the Notifiable Data Breaches (NDB) scheme has been issued by the Office of the Australian Information Commissioner (OAIC). 

The OAIC received 63 data breach notifications in February and March, with a majority of the breaches caused by human error. The next most common cause was malicious attacks, with a small number being caused by system faults.The majority of data breaches involved contact information (name, address, phone), while a smaller number involved health information, financial details or identity information (drivers licence, passport). Almost a third of the reported data breaches affected only 1 person. 

The top 5 sectors identified by the OAIC as suffering the highest number of data breaches are: 

  • health service providers;
  • legal, accounting and management services;
  • finance;
  • private education; and
  • charities. 

Please contact one of our data protection team members below if you need assistance in relation to a data breach.