2018 Privacy Laws in Australia, Should You Be Concerned?
Recent changes to Australian privacy laws mean that it is more important than ever for organisations to understand their obligations and how the laws will impact their employees, customers and business operations. The changes can increase the burden on Australian organisations, and there are serious ramifications if organisations fail to comply, which adds risk to the business. In this article, we explore best practices on how organisations can comply with the new privacy legislation and how to adopt new ways to avoid possible risks to their data and organisation.
What is the New Legislation?
The Australian government launched the Notifiable Data Breaches (NDB) scheme, commencing on 22 February 2018. Under the scheme, Australian organisations and agencies with an annual turnover of more than $3 million that hold personally identifiable information (PII) must report all eligible data breaches to the Office of the Australian Information Commissioner and to all affected individuals. Eligible breaches are those that involve personal information and are likely to result in serious harm to the individuals that PII belongs to. The government has published a useful guide outlining all the details for organisations to review with their internal legal and technical teams.
Failure to comply with the new legislation can result in serious consequences, including penalties of up to $1.8 million for the organisation. There are other impacts to consider following a breach, such as operational delays, the extensive work of investigating the breach, legal advice and action, damage to brand reputation, loss of consumer confidence, and loss of business opportunities and revenue.
Prevention and Detection
It is important to review your security policies to ensure that they provide guidance to your staff, as well as technical guidance on preventing data breaches from occurring. In line with these policies, your organisation needs to adapt the technology that stores sensitive data so that potential threats and breaches are detected early and reliably. If a breach does occur, you need to have plans in place to understand its cause, prevent future breaches, notify all parties concerned and deal with any publicity that follows. Without these plans your business can be disrupted long after a breach is discovered. These plans need to be in place now, your organisation should run sanity checks on its systems regularly, and the IT team should stay on top of cyber security threats to proactively prevent breaches from happening.
To reduce risk to customers and employees, improved detection and response times are critical to complying with the NDB scheme. However, because of the time that typically passes between a data breach and its detection, the affected individuals may experience harm before the organisation detects and assesses the breach and is able to report it. Organisations will therefore do better if they focus on making personal data harder to steal and on closely managing their cyber security strategies and business continuity plans.
Understand what your organisation is doing to prepare for the new legislation. Be prepared to play a major role in your organisation's data breach risk management and in responding to data breach events. To be effective in these activities, ensure you are equipped to do so and are empowered by the executive team. Executives should be helping to drive the requirements for improved data security and data breach response, and an experienced consultant in this area can provide involvement and leadership.
Bringing it all together
Senior leaders have an important role to play in preparing for the new data breach laws and ensuring organisational compliance. With the increasingly high likelihood that your organisation will experience a data breach at some point, and with employee data so sought after by criminals, you should take a proactive approach to securing and protecting data. Managed well, this will put your organisation in a stronger position to retain the trust, respect and confidence of your customers and employees. Ensure that you discuss your obligations with your own legal team and seek advice if you don't understand the changes.
Looking to learn more about data security? Contact Object today and speak to one of our technical experts who specialise in solutions that can assist in preventing and detecting data breaches and in implementing strong cyber security.