Privacy laws in Australia are about to change. They are being modernised to help protect individuals’ personal and sensitive information.
In February, both Houses of Parliament passed a bill to introduce mandatory data breach notification laws. When the laws come into effect sometime this year, we all will have new responsibilities.
Here’s what you need to know to help you comply and avoid large fines.
We are all busy, so we rely more and more on technology to get through our busy life. We use apps and systems and store more information online. We get bombarded with usernames and passwords to enter, so we do what is easiest, use a simple password that you can remember or write it on a board in case you forget. When do we think about the value of the data? Sadly, in most cases it never even crosses our mind. Do you even think about the security implications? No, I’m too busy. There are security experts out there, but many can’t convince you that there is any value behind the cost.
Are you collecting personal data about your clients? A name, phone number, and address is considered personal. In many instances we store this data in office systems, website and emails. You may get your assistant to book that travel request, so you sent them your credit card details in an email. You sell goods online so you may even store your clients credit cards on your website, or on your computer. There is so many passwords to remember so you store all usernames and passwords in a spreadsheet on a shared drive
Sounds familiar?
Back in another timezone on the other side of the planet the ever growing black market for data theft is thriving. Hackers form China, Russia and Ukraine, are putting their skills to good use. Their skills can earn them hundreds of thousands of dollars by stealing data. There is almost no risk given the tools available to hide your identity. Even so, Australian laws don’t apply in these countries. There are so many systems out there to hack, they are easy to hack as the people that own theme are too busy to be even think about securing their systems. And besides while they sleep, I am awake. Actually, I never go to sleep because its a gold mine out there.
Here is an example.
A data breach is defined as an incident where there has been unauthorised access to customer information, or disclosure or loss of customer information, which leads to a real risk of serious harm to the individuals concerned.
When preparing a notification for the Privacy Commissioner and affected individuals, you will need to notify those affected in the normal way you communicate with them, such as email, phone, or post, but you must take reasonable steps to do so. If you are unable to notify them personally, you can publish a notification on your website.
The Privacy Commissioner can issue a written direction requiring an organisation to notify of a breach if they discover it has occurred. Penalties for non-compliance include public apologies, compensation payments, and where there’s been ‘serious or repeated non-compliance’, large fines. Individuals can be made to pay $360,000 and organisations $1.8 million.
These new laws are an important reminder of the financial damage data breaches can cause your organisation, not to mention the harm they can bring to those whose information has been breached.
Contact Net Solutions as we take cyber-security very seriously and can advise you of the risks and help put in place solutions to help mitigate the threat of a data breach
Assistance is also available via State and Federal Government agencies and other sources including: