About time (or at least a step in the right direction): mandatory reporting of data breaches by Australian companies and government. Sadly it has been watered down to events that are classified “likely to result in serious harm”, but thankfully all breaches that include credit card and Medicare numbers must be reported.

More details can be found at the Office of the Information Commissioner (OAIC), with background and submission papers at the Attorney-General’s Department. For more, see the comment and analysis by Roulla Yiacoumi of the Australian Computer Society (ACS).


Hopefully the data breach notification process results in, or evolves into, what is undertaken in the USA, with everyone being able to access up-to-date breach information easily on websites like PrivacyRights.org and BreachLevelIndex.com.

Privacy Rights breach notification website

Breach Level Index breach notification and analysis website

From the latest BreachLevelIndex report (First half findings from the 2016 pdf):

According to data collected in the Breach Level Index (BLI), there were 974 data breaches worldwide in the first half of 2016, up 15% from the 844 breaches during the previous six months (July to December 2015), and up sharply from the 766 data breaches in the first half of 2015.

More than 554 million data records were lost or stolen in the first half of 2016, compared with some 424 million lost or stolen during the previous six months. That represents a dramatic increase of 31%. And considering that 510 of the data breaches (52%) had an unknown or unreported number of compromised records, the true number of lost or stolen records is much higher.

From a time perspective, 3,046,456 data records were stolen or lost every day during the first half; 126,936 data records were stolen or lost every hour; 2,116 were stolen or lost every minute and 35 were stolen or lost every second.

Review the compiled infographic below (based on the First half findings from the 2016 pdf report):

Breach Level Index 2016 Infographic

Australian consumers have the right to know when their personal data, including their email address, has been stolen or compromised. All breaches that involve any personal data should require mandatory reporting.

Have a comment or question? Leave it in the comments section below.