Companies handling sensitive health, financial and personal data have reported an explosion of privacy breaches since Facebook’s Cambridge Analytica scandal.
Australian Information Commissioner Angelene Falk on Monday said 1132 companies reported local breaches in the year to March 31 – compared to just 159 voluntary notifications in the previous 12 months.
It’s been a little over a year since new commonwealth laws forced medium to large organisations to reveal when personal data was improperly accessed.
Some 16.5 million people were affected in the 1132 breaches. In one breach alone in 2019, data on more than 10 million people was exposed.
“Overall, the leading cause of data breaches was compromised credentials with 159 linked to phishing – people being tricked or lured into providing their username and password,” Ms Falk told a business breakfast in Sydney.
About 350 breaches were down to human error, such as an employee losing a hard drive or emailing someone’s file to a third party.
Ms Falk said her investigation into Facebook’s Cambridge Analytica breach was in an advanced stage.
That incident, which affected more than 300,000 Australians, was one of at least three data breaches the tech giant has had to publicly acknowledge since March 2018.
The information commissioner said data including personal information was now the lifeblood of the digital economy and continued to raise new challenges “about the way we operate”.
“The intersection between consumer protection, privacy and data protection is increasingly relevant,” Ms Falk told the breakfast.
Ms Falk said businesses should be prepared for data breaches, know what personal information was on file and have plans on how to talk to affected consumers.
Data privacy expert Sheila FitzPatrick said too many businesses are still not thinking about why they’re collecting data and often wrongly presume the regulator won’t target smaller companies.
“In the past six months, 13 very small companies have been sanctioned under (Europe’s data protection regulations),” she said. “It’s not just the big companies.”