“The industries reporting most serious breaches are (in this order): health care and social assistance, public administration and safety, services (professional, scientific, technical, administrative and support services), education and training, finance and insurance.
“There is also a slight increase in the percentage of serious breaches caused by malicious activity; however, the majority of breaches are caused by human error.”
Webster said the most common breaches caused by human error are email errors or unauthorised sharing.
Unauthorised access, the most common type resulting in a serious breach, “includes phishing attacks, email system hijacking for spam or fraud, and installing malware including ransomware”.
“These malicious attacks can impact on the privacy of thousands of people.”
Webster said by far the most common type of harm associated with serious privacy breaches is emotional harm. Other common types of harm include reputational harm, identity theft and financial harm.
He said victims should reach out and report a suspected breach to the OPC as soon as possible.
“Report it. Report the breach as early as possible. Notifiable privacy breaches should be reported within 72 hours of the breach being identified.
“We will work with you as you go through a triage response and help guide you to bring your agency through a crisis.”