Data Breach Reporting Will Soon be Mandatory for Businesses
Security issues don’t just put your business at risk. They also threaten the privacy and security of your partners and clients. For this reason, Australia is introducing mandatory data breach reporting.
There has been a string of high-profile data breaches in recent years. Some businesses need to do more to protect their sensitive data from intruders – especially client data.
Many businesses have been less than forthcoming regarding their lapses of security. Affected clients have been put at greater risk as they don’t realise their information may have been compromised. Often, this disregard for customer security has more of an impact on a business’s reputation than the actual data breach.
What you need to know about data breach reporting
The Notifiable Data Breaches scheme comes into effect on February 22, 2018. It will force Australian organisations to do better. The scheme covers most government agencies. It also covers private-sector and not-for-profit organisations with an annual turnover of more than $3 million. In some cases, it also applies to smaller businesses – for example, those that trade in personal information or handle tax file numbers.
Organisations covered by the scheme must report suspected data breaches to the Office of the Australian Information Commissioner (OAIC) if they have reasonable grounds to believe there has been unauthorised access to, disclosure of, or loss of personal information that is likely to result in serious harm.
Once aware of a breach, organisations are obligated to prepare a statement for the OAIC as soon as practicable. It must include a description of the breach and the type of information involved. It must also include recommended steps affected individuals should take to protect themselves. Those affected will also need to be notified if the organisation has reasonable grounds to believe a data breach has occurred, or if the organisation is directed to do so by the Commissioner.
Fines of up to $1.8 million may apply if a business fails to abide by the Notifiable Data Breaches scheme.
Some businesses have treated security and customer privacy as an afterthought for too long. The introduction of mandatory data breach reporting could be the wake-up call they need. If this sounds like your organisation, now is the time to get your data security in order. If not, the new data breach laws may force you to air out your dirty laundry.