When examined properly, statistics offer us all a chance to learn from the past and be better in future. We publish statistical information via our Annual Reports and our bi-monthly self-reported breach press releases to ensure that we are transparent and accountable about our activities as well as helping to highlight areas of particular focus for the future.
What is a personal data breach? A personal data breach is defined in section 111(1) of the Law as any incident that meets the following criteria:
“a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.
There will likely be a breach whenever any personal data is accidentally lost, corrupted or disclosed, or if someone accesses it or passes it on
without proper authorisation to do so.
Why do breaches need to be reported? One of the key changes to the local data protection law that came into force in May 2018 is that organisations are legally required to notify the ODPA of any personal data breach within 72 hours of becoming aware of it (see
section 42 (2) of the Law). You can report a breach to us here.
Why does the ODPA publish breach statistics? We have published statistics of the number of breach reports we receive, every 2 months since October 2018. Publishing this information allows everyone to benefit from a better understanding of how and why breaches happen and how they can be avoided
in future.