Notifiable Data Breaches 12-month Insights Report

The Office of the Australian Information Commissioner has recently released its ‘Notifiable Data Breaches 12-month Insights Report’ that looks into the first year since the Notifiable Data Breaches (NDB) scheme was introduced in Australia in February 2018.

“Overall, it was anticipated that the NDB scheme would raise confidence amongst consumers about the entities that they are dealing with, and the increased transparency would provide consumers with more information to make informed choices about whether to transact with particular entities”.

This statement, by the Australian Information Commissioner and Privacy Commissioner Angelene Falk, is perhaps one of the most significant elements of the report as it reinforces the crucial reason Australia’s privacy legislation underwent it’s major overhaul: consumer protection. In a modern world where data is highly accessible to businesses and consumers are increasingly being asked to provide more sensitive information, regulators are tasking the corporate world with the responsibility of maintaining the safety of consumer data.

The report provides valuable insights into the number of reported incidents, the types of breaches occurring and in which sectors. Information is provided on the major data breaches which occurred in Australia, and what companies can learn from these. Importantly the report also compares the Australian regime against other data breach notification laws around the world. Globally the regulatory landscape continues to transform at a rapid pace; privacy laws will continue to evolve to prioritise rights for consumers and provide individuals with greater control over how their data is collected, used and retained.

Cyber risks continue to grow and evolve, not only creating balance sheet issues, but impacting branding and operations as well. The costs involved in investigating and responding to a breach, including notifying affected individuals, paying for legal counsel and employing a crisis management team can be substantial. Additional costs may also arise from third party claims, including allegations of breach of privacy and regulatory actions.

Marsh’s Cyber team has developed a range of risk assessment and quantification tools to help clients identify, manage and transfer the risk associated with various cyber events, including the risk exposures arising from the Notifiable Data Breach Scheme.  Please contact a member of the Marsh Cyber team or your servicing broker for further information.

The Notifiable Data Breaches 12-months Insights Report can be found here.

Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) arrange insurance and are not an insurer. Any statements concerning legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as legal advice, for which you should consult your own professional advisors. This document is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy.  Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein.