The concern isn’t only cybercriminals sneaking into systems; far too often, corporate data is compromised by employees or trusted partners losing sensitive personal information.
Australia’s privacy watchdog, the Office of the Australian Information Commissioner (OAIC), recorded 176 incidents of data loss due to human error in the first half of 2020 alone.
This included 49 cases where personal information was sent to the wrong email address, 40 where it was unintentionally disclosed, 10 incidents where information was wrongly shared because it was not redacted, and four incidents where data was disposed of in an insecure way.
These breaches pose major problems for companies subject to privacy rules like Australia’s Privacy Act, the new Consumer Data Right (CDR), and the EU’s general data protection regulation (GDPR), which can impose significant fines on companies and their executives.
A key part of these privacy controls is mitigating against the inadvertent sharing of sensitive