Human error main cause of govt data breaches

Government agencies are the worst offenders when it comes to data breaches caused by human error, a report from the Office of the Australian Information Commissioner (OAIC) reveals.

Angelene Falk

The OAIC says the Australian government has for the first time made it into the top five industry sectors for notifications of data breaches, with human error the main cause.

The government replaced the insurance sector to come in at number five on the notifications list, behind health services; finances; education; and legal, accounting and management services.

The Notifiable Data Breaches Report, released last week, shows the government accounted for six per cent of all breaches, and government agencies experienced a higher proportion of human error breaches than other industry sectors.

Government agencies were also the slowest to identify breaches – with only 61 per cent of government entities identifying the incident within 30 days, compared to 88 per cent of health service providers – and the slowest to notify the OAIC.

Between July and December last year the government made 33 notifications, with human error accounting for 29 of those, or 88 per cent. Two notifications were the result of a system fault and two were malicious or criminal.

Fourteen of the human error breaches were the result of personal information being sent to the wrong recipient, and ten involved unauthorised disclosure.

Australian Information Commissioner and Privacy Commissioner  Angelene Falk says it’s important for government agencies to meet their obligations around  privacy maintain public trust.

“Agencies experienced a higher proportion of human error breaches compared to other industry sectors,” she said in a statement.

“Specific privacy requirements are imposed on Australian Government agencies that are intended to build a consistent, high standard of personal information management across the Australian Public Service.

“These include obligations to conduct privacy impact assessments, have a privacy management plan, appoint a privacy officer and a privacy champion, and to provide privacy education and training at regular intervals.”

The OAIC provides a range of guidance, advice and training resources to help agencies meet their obligations under the Australian Government Agencies Privacy Code.

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at  

Sign up to the Government News newsletter

Leave a comment:

Your email address will not be published. All fields are required