Notifiable Data Breaches Report January to June 2020

The Office of the Australian Information Commissioner (OAIC) publishes periodic statistical information about notifications received under the Notifiable Data Breaches (NDB) scheme to assist entities and the public to understand the operation of the scheme. This report captures notifications made under the NDB scheme for the period from 1 January 2020 to 30 June 2020.

Where data breaches affect multiple entities, the OAIC may receive multiple notifications relating to the same data breach. Notifications relating to the same data breach incident are counted as a single notification in this report.

The source of any given breach is based on information provided by the reporting entity. Where more than one source has been identified or is possible, the dominant or most likely source has been selected for statistical purposes. Source of breach categories are defined in the glossary at the end of this report.

Consistent with previous NDB statistical reports, notifications made under the My Health Records Act 2012 are not included as they are subject to specific notification requirements set out in that Act.

NDB notification statistics contained within this report relate to a specific point in time. Some recent notifications covered by the period of this report are under assessment and the status and categorisation of these notifications may change prior to the finalisation of their assessment. Similarly, there may have been adjustments to statistics from previous reports as a result of changes to the status or categorisation of individual notifications. As a result, references to historical data appearing in this report may differ from the information appearing in previous reports covering the relevant period.

Note: This report also contains a correction to data in the July–December 2019 NDB Scheme report published in February 2020. This report stated there was a 19% increase in the number of notifications received when compared to the previous six months. The correct figure was 17%.