Are you taking “reasonable steps” to protect your customers’ data? Within 12 months you will be legally required to report data breaches that occur within your business.
Review our tips on how to avoid data breaches in the first place and what will be required in the event of a data breach…
After five years of attempts to get the Mandatory Data Breach Notification scheme up and running, the Australian Senate finally passed new laws last week that will make it compulsory for businesses and government agencies to notify the Privacy Commissioner and customers if they have experienced a data breach.
With advances in technology, businesses are increasingly holding larger amounts of personal information online, raising the risk of security breaches around personal customer information that could be “hacked” and used for identity theft and identity fraud.
Immediate notification to customers by an organisation that suffers a data breach will allow individuals whose personal information has been compromised to take immediate steps to lessen the impact of the breach. For example, the individual may wish to change passwords or take other steps to protect his or her personal information.
Security is a fundamental part of Diamond’s unique and effective managed service, Technology Optimisation, created with the purpose of aligning your technical environment to industry best practice on an ongoing, proactive basis.
Within the IT industry, best practice is fluid and constantly changing – new operating systems, new technologies and new threats all impact these standards. Better technical alignment to industry best practice can reduce the impact and risks from growing threats such as Ransomware and data breaches.
Take our quick Online Security Assessment to see how vulnerable your business may be…
Within 12 months of the scheme being passed in the Senate, being April 2018.
Start taking steps now to ensure your business is not vulnerable to data breaches. This is an important time to assess your choice of IT provider and ensure they are providing the right service to protect your organisation. Alternatively, you can contact us for more information on our unique and proactive managed service, Technology Optimisation, to see if our businesses would be a good fit.
According to the Privacy Amendment (Notifiable Data Breaches) Bill 2016, in some jurisdictions, notification is also only required if the data breach meets a specified harm threshold.
Examples of when data breach notification may be required could include:
The scheme applies only to government agencies and organisations governed by the Privacy Act, meaning state government organisations and local councils, plus organisations with a turnover less than $3 million a year, fall outside the legislation.
However, some exceptions apply to organisations that fall outside this range, including Child Care Centres, Private Schools and Private Sector Health Service Providers. The legislation also applies to individuals who handle and store customers’ personal information online.
In the event of an eligible data breach, an entity is required to notify the Commissioner and affected individuals as soon as practicable after the entity is aware that there are reasonable grounds to believe that there has been an eligible data breach (unless an exception applies).
The notification must include:
According to the Bill, if more than one entity jointly and simultaneously holds the same particular record of personal information, an eligible data breach of one entity may also be an eligible data breach of each of the other entities.
This situation could potentially arise in cases involving outsourcing, joint ventures or shared services arrangements. For example, if one entity stores personal information in an online platform provided by another entity, and both entities ‘hold’ the information, an eligible data breach involving the information could potentially be an eligible data breach of both entities.
Contact us today for more information on how we can work together with you to avoid data breaches through our industry-recognised and award-winning services – call now on 1300 307 907 or via our online contact form below.