Business Compelled to Report Data Breaches – Notifiable Data Breaches scheme
Almost every significantly sized business in Australia will have to comply with new laws governing data breaches from February 22.
Any business with an annual turnover of at least $3 million, as well as smaller organisations that handle health and other personal data, will be required to promptly notify the Office of the Australian Information Commissioner, and any impacted clients or customers, when a data breach occurs.
It doesn’t matter if you are a for-profit, governmental, or not-for-profit organisation – if you handle personal information you are required to secure it, and have in place a standard plan to notify impacted individuals in the event of any data breaches.
Penalties for non-compliance are two-fold – legal consequences and public humiliation. The legal consequences include public investigations that could result in penalties of up to $2.1 million. The outcome of public shaming could be even more damaging. Failure to comply gives your competitors a free advantage to relentlessly make the point: “Choose US – We Protect Your Data, Unlike Company B. Look at their poor record of keeping your personal details safe.”
One of the most significant challenges companies face is demonstrating to clients that they place their privacy above profits. A data breach, if not handled in a prompt and transparent manner, reinforces the impression that the business or organisation does not care about its clients and customers.
Think Technology Australia has recently assisted a range of differently sized businesses to undertake the necessary steps to conform to the new mandatory data breach law.
We have assisted our business clients to:
- audit their current information security processes and procedures to ensure they are adequate; and
- prepare a data breach response plan, or update their current plan, to respond quickly, efficiently and lawfully to an actual or suspected data breach.
An audit is required to determine what data your company intentionally or inadvertently collects on clients and customers. Your business could be collecting unnecessary data, which adds avoidable breach risk to your business.
After refining your data collection, we advise businesses to make certain they’re using the most effective security software possible to encrypt, secure and back up relevant personally identifiable information.
Informing your staff of the new laws and providing them with additional education on cybercrime and threats is important too. We can help you schedule training with varying scenarios so your staff know how to react if a data breach occurs. This will refine your response plan and give you peace of mind that your staff are knowledgeable and prepared.
You should also ensure all third-party providers that have access to your data are incorporated in your planning – clear communication to everyone involved in your data touch points is critical.
Want to know more about how the new data breach notification law affects your business? Speak to one of our team today on 1300 920 866.