On February 22, 2018, the Privacy Amendment (Notifiable Data Breaches) Act 2017 goes into effect, requiring all businesses in Australia to notify the Office of the Australian Information Commissioner (OAIC) and any impacted clients about significant data breaches. Here’s everything you need to know about this law and how it may impact your business.
The changes apply to the following organisations
The requirements for an Eligible Data Breach are that:
Penalties may amount to $360,000 for individuals and $1.8M for companies. Where there has been a failure to declare a Notifiable Data Breach, an interference with the privacy of individuals will be deemed to have occurred. The consequences may include a written direction to an entity to issue a data breach notification and/or civil penalties for serious and/or repeated interferences.
The OAIC has provided guidance as to reasonable steps, which can be found here. Steps include, but are not limited to: performing Privacy Impact Assessments; creating and maintaining privacy and security policies; developing a data breach response plan; ensuring that IT software and security controls are comprehensive, up to date and monitored; and obtaining insurance specific to cyber security risks.
First of all, let’s take a look at what the main cause of data breaches is today. This is how companies lost data in 2016: hacking or malware leads the way with 57%, followed by unintended disclosure. In fact, incidents caused by hacking or malware represent over 90% of all the breached records. That is a staggering amount of data that could have been protected with better security.
Dynamic Business Technologies can complete an assessment of the current environment, and prepare a readiness plan that aligns with the requirements from the Office of the Australian Information Commissioner.
Register below to discuss how prepared you are for the Notifiable Data Breach Legislation.