When examined properly, statistics offer us all a chance to learn from the past and be better in future. We publish statistical information via Annual Reports and quarterly press releases to ensure that we are transparent and accountable about our activities as well as helping to highlight areas of particular focus for the future.
What is a personal data breach?
A personal data breach is defined in section 111(1) of the Law as any incident that meets the following criteria:
- “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.
There will likely be a breach whenever any personal data is accidentally lost, corrupted or disclosed, or if someone accesses it or passes it on without proper authorisation to do so.
Why do breaches need to be reported?
One of the key changes to the local data protection law that came into force in May 2018 is that organisations are legally required to notify the ODPA of any personal data breach within 72 hours of becoming aware of it (see section 42 (2) of the Law). You can report a breach to us here.
Why does the ODPA publish breach statistics?
We published statistics of the number of breach reports we receive every 2 months since October 2018, before changing to a quarterly routine to better align with internal processes.
Publishing this information allows everyone to benefit from a better understanding of how and why breaches happen and how they can be avoided in future.
