February 22nd has now passed, which means Australian organisations covered under the Australian Privacy Act 1988 must now report data breaches to the Office of the Australian Information Commissioner (OAIC) as well as other affected parties such as customers or clients. But is your business prepared for the new scheme?
In August, we published an article about the Notifiable Data Breach (NDB) Scheme and how it will affect your business. In summary, if your business has an annual turnover of $3 million or more, the scheme applies to you. If a data breach or leak is discovered, and that can include lost devices and USB drives with confidential information stored, you must notify the OAIC and affected parties or face hefty fines: $360,000 for individuals and $1.8 million for organisations.
In our article, we also outlined some advice on how to prepare for the new NDB Scheme so that data breach risks are mitigated and, in the event of a data breach, appropriate action is taken immediately. However, the HP Australia IT Security Study, conducted by ACA Research, found that out of the 528 surveyed Australian businesses, an astonishing 57% answered that they had not appropriately prepared any IT security risk assessment in the previous year.
With the number of high-profile data breaches reaching an all-time high, it is concerning that many Australian small and medium businesses (SMBs) have not adequately conducted any threat and risk assessments on their systems. Data breaches can be catastrophic, especially to affected individuals whose data has been leaked into the public domain.
The Act serves to protect individuals from businesses that do not prioritise the information security of their clients and customers. The recent Equifax data breach, which leaked the personal information of up to 143 million individuals, is fresh in the minds of the public. Names, social security numbers as well as over 200,000 credit card numbers were compromised. Data breaches such as this create a significant drive for new data security legislation as the amount of personal information stored digitally by organisations increases by orders of magnitude every year.
Without such legislation, organisations have little incentive, other than to protect themselves, to take action and prepare for potential data breaches. Under the new NDB Scheme, businesses will be held accountable in the event of a data breach that could cause serious harm to those affected and in such an event, all parties must be notified.
Now that the NDB Scheme is in effect, businesses that have not already begun to prepare for potential breaches should make the necessary arrangements to ensure that data security and risk assessment policies are in place.
For assistance in making the necessary arrangements required to meet NDB Scheme requirements, please do not hesitate to contact Agilient.
The Agilient Team