As of 22 February 2018, businesses that are subject to the Privacy Act 1988 must notify the Privacy Commissioner if an eligible data breach occurs.
We outlined the details of these new laws in our Mandatory Data Breach Notification article, which can be found at https://www.dwfoxtucker.com.au/2017/06/mandatory-data-breach-notification/.
If this includes your business, you should have a plan and procedures in place to inform concerned parties and the Office of the Australian Information Commissioner in the unfortunate event that your business experiences a data breach. A data breach can occur as a result of malware, ransomware or some other computer hack. Data breaches can also be caused by dishonest or disgruntled employees, or even by the accidental release of information, such as the loss of files on phones, laptops, USBs or other IT storage devices.
Businesses have an obligation to protect the personal information of their employees and the people who purchase their products or services. Breaches can give rise to substantial penalties - up to $360,000 for individuals and $1.8 million for organisations.
Call us for a free ‘no obligation’ discussion where we can talk about how this applies to your business, reporting obligations and the steps needed to prepare a Data Breach Response Plan that will ensure your business is well prepared and capable of handling an event that causes a breach of your data.