During the January to June 2021 reporting period, a number of entities assessed that a ransomware attack did not constitute an ‘eligible data breach’ due to a ‘lack of evidence’ that access to or exfiltration of data had occurred. The OAIC has made it clear in this report that entities...
Having an effective data breach response plan in place upfront is an essential first step to avoid suffering a similar fate. Focus on supply chain A final interesting aspect of the latest NDB report from the OAIC is the issue of ‘secondary’ notifications. Thes...