Is your business protected against a cyber attack?
What is changing?
Effective from 22nd February 2018, amendments to Federal Privacy Act legislation will see mandatory data breach notification laws introduced to Australia for the first time. This will be known as the Notifiable Data Breaches (NDB) scheme and will impact all organisations covered by the Australian Privacy Act 1988.
The NDB scheme will strengthen protections afforded to personal information, improve transparency around breach reporting procedures and provide consumers and the community with confidence that their personal information is being respected and protected.
The laws impact any entity already covered under the Privacy Act including Government Agencies, not-for-profit organisations and private health service providers.
It also includes all businesses with turnovers greater than $3m.
The NDB scheme requires these organisations to notify any individuals likely to be at risk of serious harm from a data breach. A breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure.
This could be through the loss of a device containing customers' personal information, a database being hacked, or personal information being provided to the wrong person.
Breaches need to be reported to the Office of the Australian Information Commissioner (OAIC), and all impacted individuals need to be notified, along with details of the remedial action taken.
A data breach may result in significant costs to your organisation, including business interruption, reputational damage, incident response and legal costs.
Large fines (including $360,000 for individuals and $1.8 million for organisations) may be applied for non-compliance with or breaches of these changes.
You need to assess and manage potential risk exposure, establish a data breach response plan, and consider seeking protection with Cyber Security Insurance to mitigate exposure to both first and third party costs in dealing with a cyber-attack and/or data breaches.
For more information please contact us.
The material and contents provided in this blog are informative in nature only. It is not intended to be advice and you should not act specifically on the basis of this information alone. If expert assistance is required, professional advice should be obtained.