Spike in online customers exposed to serious harm
MORE than 15 organisations are coming forward each week to admit they've exposed customers to serious harm.
The rate is exponentially higher than under an old voluntary scheme, and is putting significant pressure on the privacy watchdog that deals with data breaches.
There have been 812 breaches reported since the mandatory regime took effect last February, compared to just 114 admissions the previous year. Criminals are responsible for most cyber attacks, with human and systemic errors also contributing factors.
Most data breaches involve the compromise of usernames and passwords. Information Commissioner Angelene Falk admits the spike in data breaches is leading to long delays in other areas of her work.
The Office of the Australian Information Commissioner is also responsible for freedom of information reviews and privacy complaints against government departments and agencies.
"Inevitably, because of the increased workload across all of our functions, unfortunately it is leading to some extended periods of delay in actioning some of the work," Ms Falk told a Senate estimates hearing on Tuesday.
Her office was asked to review 542 freedom of information decisions by government agencies between July and December, a 42 per cent increase on the same period the previous year.
Its finalisation rates have improved by 20 per cent, but some FOI requests are taking 11 months to be assigned a case manager.
Ms Falk said she was continuing to "seek efficiencies" in review processes. "Nonetheless, the incoming work is greater than that which we are able to resolve and this is impacting on timeliness across both FOI and privacy regulatory work," she said.
The number of privacy complaints has also increased by 22 per cent and some matters are waiting up to nine months for attention.
Ms Falk said her workload had been steadily increasing over the past three years.
"However, in the past six months from July to December, we've seen further increases," she said.
Ms Falk acknowledged her office needed more staff, but said it was simplistic to ask for more resources alone.
"There would be no regulator in the country, I'm sure, who wouldn't say that inevitably time frames couldn't be improved with additional resources, and I am no exception to that."