In order for our site to work, small files called ‘cookies’ have been placed on your device. These mandatory cookies do not process any personal data.
We would also like to use analytics cookies to understand how our site is used by visitors and then use this information to improve our site and the experience of using our site. The service we use is Google Analytics.
Please indicate whether or not you are happy to allow the use of these analytics cookies by selecting one of the options below. You can read more about our cookies before you choose and read our Privacy Notice to find out more information on how we use your personal data
Published: 4 March 2019
‘Whilst it appears on face value that the healthcare sector is disproportionately responsible for more breaches, the reality is much more complex. This sector routinely deals with significant amounts of sensitive ‘special category’ personal data, so more of their breaches are likely to meet the severity criteria at which there is a legal obligation to report to us. That, combined with the fact that certain healthcare providers are taking what we consider to be the enlightened approach of choosing to report all breaches to us, means that we see a high number of healthcare data breaches in the statistics. Organisations within other sectors, such as certain public authorities assess all incidents and only report medium-to-high level personal data breaches to us. This gives the appearance that these sectors are experiencing fewer breaches.’Mrs Martins also emphasised that organisations who report are positively engaged with their legal obligations to protect people’s data.
‘Whilst no-one wants to see breaches, the reality is they are happening all the time. We would be more concerned if no reports were received as that would indicate a lack of compliance with the law as well as a lack of trust and confidence in our office by the regulated community.’All organisations are encouraged to take a proactive approach to their breach reporting obligations in the knowledge that this will assist them in understanding and managing their own risk, as well as providing the ODPA with valuable information to support its work.