Almost half of all human error-related government data breach notifications involved sending information to the wrong recipient.

Government agencies are the worst offenders when it comes to data breaches caused by human error, a report from the Office of the Australian Information Commissioner (OAIC) reveals.

The OAIC says the Australian government has for the first time made it into the top five industry sectors for notifications of data breaches, with human error the main cause.

The government replaced the insurance sector to come in at number five on the notifications list, behind health services; finances; education; and legal, accounting and management services.

The Notifiable Data Breaches Report, released last week, shows the government accounted for six per cent of all breaches, and government agencies experienced a higher proportion of human error breaches than other industry sectors.

Government agencies were also the slowest to identify breaches – with only 61 per cent of government entities identifying the incident within 30 days, compared to 88 per cent of health service providers – and the slowest to notify the OAIC.

Between July and December last year the government made 33 notifications, with human error accounting for 29 of those, or 88 per cent. Two notifications were the result of a system fault and two were malicious or criminal.

Fourteen of the human error breaches were the result of personal information being sent to the wrong recipient, and ten involved unauthorised disclosure.

Australian Information Commissioner and Privacy Commissioner Angelene Falk says it’s important for government agencies to meet their obligations around privacy maintain public trust.

“Agencies experienced a higher proportion of human error breaches compared to other industry sectors,” she said in a statement.

“Specific privacy requirements are imposed on Australian Government agencies that are intended to build a consistent, high standard of personal information management across the Australian Public Service.

“These include obligations to conduct privacy impact assessments, have a privacy management plan, appoint a privacy officer and a privacy champion, and to provide privacy education and training at regular intervals.”

The OAIC provides a range of guidance, advice and training resources to help agencies meet their obligations under the Australian Government Agencies Privacy Code.

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.

Sign up to the Government News newsletter

Staff Writers

Human error main cause of govt data breaches

TAGS

Leave a comment: Cancel reply

Latest comments

Sue Phillips on: 15 councils participate in SA emissions reduction trial

Garth Daddy on: War memorial contracts fudged, audit finds

Roger Buhlert on: New VLGA appointment vows to lift governance standards

Most read

Scathing report finds little has changed at PwC

Qld council welcomes progress on massive battery system

‘Local’ procurement turns out not to be so local, committee hears

MoG changes see regions, investment return to NSW Premier’s Department

Sam Mostyn appointed as new GG

Popular posts

Latest news

Niki Savva appointed to Board of Old Parliament House

Monitors at Glenelg reappointed amid ‘behaviours of concern’

AI picks up 2,000 road defects a week for disaster-hit NSW council

Australian healthcare expensive but good, research finds

Bureaucrats grilled over ‘fake’ govt emissions certificate during greenwash inquiry