Lesson 4 – Data Breaches

A data breach is any event or situation in which confidential data is accessed by, disclosed to, or lost to an unauthorised individual or business, whether known or unknown. Although a data breach is usually digital in nature, a breach can also involve physical data such as paper forms or records. In the digital context, a data breach is considered a data protection failure. In Australia, a data breach that releases confidential personal information that could result in serious harm to people is considered a Notifiable Data Breach. This must be reported to the Office of the Australian Information Commissioner.

Data breach prevention requires each and every person associated with a business to be aware of what type of data they’re handling, and what the implications are if that data is released, either intentionally or accidentally. Of particular note: if a device such as a phone, iPad or laptop is lost, and it contains confidential information about a person which could result in serious harm if exposed, then this event is a data breach which is notifiable in nature (see OAIC https://www.oaic.gov.au/privacy/notifiable-data-breaches/about-the-notifiable-data-breaches-scheme).

Personal information is considered to include –

  • Name, signature, address, phone number, or date of birth,
  • Employee records,
  • Photographs of a person,
  • Financial details,
  • Voice recordings,
  • Location data,
  • Sensitive information such as religion, race or ethnicity, political affiliation, sexual orientation, health records, and association memberships.

Unauthorised disclosure or loss of any of these types of data is likely to require a Data Breach notification. It stands to reason that this data should be carefully protected, whether in an office, at home or on the road.

Completing a Data Breach Notification is part of the management duties of a business owner, executives and management. It forms part of a business’s CyberSecurity Governance documentation, which will be discussed in a later module targeted specifically at business management.

Resources

Resource 1 - OAIC

The OAIC Data Breach Home page.

Resource 2 - Another view into Data Breaches

An international viewpoint describing data breaches.
