Data breach notification has been mandatory since 22 February 2018 for all entities required to comply with the Australian Privacy Act 1988. The amendments made to the legislation are known as the Notifiable Data Breaches (NDB) scheme. This scheme will strengthen the protection and handling of personal information, improve transparency around breach reporting procedures and provide consumers and the community with confidence that their personal information is being respected and protected.
Changes to Cyber Security legislation – What is the impact?
The NDB scheme will directly impact all entities currently captured under the Privacy Act. It requires these organisations to notify any individuals likely to be at risk of serious harm from a data breach, in which personal information held by an organisation is lost or subjected to unauthorised access or disclosure. The following are some examples of possible data breaches:
- A device containing your customers' personal information is lost or stolen
- A database containing your clients’ personal information is hacked
- Client personal information is mistakenly provided to the wrong person
What if a breach occurs?
If any such breach occurs, it needs to be reported to the Office of the Australian Information Commissioner (OAIC). In addition, every impacted individual needs to be formally notified and provided with details of what remedial action will be undertaken.
Significant costs may result from a serious data breach. These costs could include business interruption, reputational damage, incident response and legal costs. Non-compliance with these changes can attract large fines (including $360,000 for individuals and $1.8 million for organisations).
Ways to protect your business
These changes bring cyber risk, which affects most businesses in Australia, to the forefront. The following tips could help protect your business against future breaches:
- Establish a data breach response plan
- Assess and manage potential risk exposure relating to data management and privacy breaches
- Seek protection by implementing Cyber Risk Cover to mitigate your business's exposure to both first and third-party costs in dealing with a cyber-attack and/or data breach.