The number of privacy breach notifications seen by the Privacy Commissioner nearly doubled in the six months to May.
The commissioner saw a 97% increase in privacy breach notifications since the new Privacy Act came into force on December 1, when compared to the six months prior to its introduction.
Under the new Act, businesses which experience a privacy breach that has caused, or has the potential to cause serious harm, must now report it to the Privacy Commissioner.
More than half of the privacy breaches reported to the Privacy Commissioner have involved emotional harm, and about one third resulted in a risk of identity theft or financial harm.
Failure to report a serious privacy breach is a criminal offence which may result in a fine of up to $10,000.
Privacy Commissioner John Edwards says in the first six months of Privacy Act 2020, his office focused on educating organisations and businesses to help them understand their obligations.
“The law change means that if an organisation suffers a serious privacy breach, it should tell my office as soon as practicable after becoming aware of the breach,” he says.
“We’ve found that breaches can occur in any industry with reports from organisations in the financial and insurance services, the public sector, education and training.”
The most common category of privacy breaches were email errors (25%), with emails containing sensitive information going to the wrong person. Other common types of breaches were the unauthorised sharing of personal information (21%) and unauthorised access to information (17%).
See our story: One Third of Privacy Breach Complaints Relate to Emails