Report data breaches or risk a whopping fine

On February 7, 2018

Australian businesses risk being fined up to $1.8 million dollars if they aren’t prepared for new laws that require them to report any breaches of their customers’ data by hackers, thieves or IT glitches.

Last year the Australian Government passed the Privacy Amendment (Notifiable Data Breaches) Bill 2016, a clear warning that businesses need to take cybersecurity seriously.

This law, which comes into play in just a couple of weeks on 22 February, means that your organisation must report any personal information data breaches if they have the potential to cause serious harm towards impacted individuals.

Information that could be involved in a breach includes:

  • Medical records
  • Drivers licence details
  • Medicare card details
  • Passport details
  • Tax File Numbers (TFN)
  • Financial information and;
  • A combination of personal details that reveal significant information about an individual

Reporting a data breach means you must submit a statement to the Office of the Australian Information Commissioner. You will also be required to contact all individuals impacted by the breach. To do so, your organisation must provide those impacted with:

  • Your organisations contact details
  • A description of the data breach
  • The kind(s) information concerned and;
  • Recommendations on how individuals should respond to the breach

Notifying impacted individuals will require the use of public channels and private correspondence to ensure the message reaches those impacted. While some organisations may view this as an inconvenient obligation, it offers an opportunity to show you respect and value the relationships you have with your customers and stakeholders. A comprehensive toolkit on how to notify individuals can be found here.

Being prepared for a data breach means understanding what is required to ensure you have the resources, processes and experience to swiftly communicate with impacted stakeholders in a way that protects your relationships, your brand, and meets your regulatory obligations.

Businesses that don’t meet these new laws risk a whopping fine or, even worse, a loss of trust and confidence in your organisation. It might be time to develop or review your crisis communication plan, make sure your team is trained to use it and have the experience responding to a data breach. If you need a hand, call us directly at 8317 0111.