Media release: Effective and responsive data breach plans
Queensland’s Office of the Information Commissioner’s report on government agencies’ assessments of their readiness to respond to data breaches quickly and effectively has been tabled in Parliament today (13 June 2023).
Data breaches are a significant feature in the privacy landscape. Australia’s largest corporate data breaches included cyber-attacks on Optus, Medibank and Latitude Finance, affecting the personal information of millions of Australians.
Government agencies are not immune to the risk of data breaches. Queenslanders entrust government agencies with their personal information. To maintain this trust, agencies need to allocate sufficient time, attention and resources to prevent and manage data breaches.
This was recognised in the independent review into culture and accountability in the Queensland public sector conducted by Professor Peter Coaldrake AO. The Queensland government endorsed the review’s recommendations.
We conducted a survey and asked agencies to report on their planning to respond to data breaches. Some agencies reported that they have comprehensive data breach response plans. However, in general, agencies have more work to do to be ready to respond to data breaches effectively.
Queensland’s Privacy Commissioner and Acting Information Commissioner, Paxton Booth said, “The community entrust government agencies with their personal information and expect government agencies to keep it safe. Unfortunately, this trusting relationship can be disrupted by malicious actors. Agencies must strengthen their systems against attack or mishap. They must also plan for a quick and effective response if a breach occurs.”
“It is good practice for agencies to plan to prevent data breaches and respond quickly and effectively if a data breach occurs. Ideally, agencies would publish information about their plans to build community confidence and trust in government.”
“I commend agencies who are working in this area, and look forward to supporting and working with all agencies to create a secure environment for Queenslanders’ personal information,” Mr Booth said.
We recommend all Queensland government agencies ensure they have appropriate policies, procedures, plans and strategies in place so they can prevent, detect and respond to data breaches quickly and effectively. For example, a comprehensive data breach response plan can help agencies limit the consequences of a breach, including the risk of harm to individuals whose privacy has been affected. Agencies also need to prepare for mandatory notifications to external stakeholders.
Media contact: Steve Haigh, Manager Training and Stakeholder Relations
Phone: (07) 3234 7373
