Notifiable Data Breach Laws
Unless you have been living under a rock, by now you should have heard all about the new laws regarding reporting data breaches that went into effect back on February 22nd.
This will probably change the way you do business going forward so what are some of the basics you need to be aware of?
What changes?
Organisations that hold personal information will be required to:
1. Take reasonable steps to secure this information.
2. Notify individuals whose information is involved in a data breach that is likely to result in serious harm. The Australian Information Commissioner must also be notified of eligible data breaches.
In English?
If you hold anyones personal data and there is a possibility that it has been lost, stolen or even accessed by somebody, you MUST notify the affected individual/s AND the government.
Who does this apply to?
Any organisation that holds personal information AND has a turnover of more than $3 million dollars, all Health Service Providers, Credit Reporting Agencies and Tax File number (TFN) recipients.
Why?
This scheme aims to strengthen protections to personal information. It’s similar to schemes already in place in the US and the UK and in the opinion of security professionals, long overdue.
What do you have to do?
- You must take reasonable steps to ensure the security of the data you hold.
- You need a Data Breach Response Plan.
- You should have a Network and Security Audit performed at least annually or after any significant change.
- If you suspect a data breach, you must conduct an assessment within 30 days.
- You must notify both affected individuals and the government if there is a breach that is “likely to result in serious harm”.
- You must take remedial action and enhance your security measures to prevent further loss.
How can Tech Precision help?
Tech Precision provide a layered approach to security which includes:
1: People Security (Training, common sense)
2: Physical Security (Server accessibility, screen locks etc.)
3: Network Security (Managed Firewall, Spam protection)
4: Endpoint Security (Managed Anti-virus, anti-spyware)
5: Application Security (Appropriate permissions, Principle of least privilege)
6: Data Security (Backup and Disaster Recovery)
We’ve done most of this for some time. As threats and requirements evolve so too must our security. All customers will be expected to improve security to at least a baseline as outlined by the Office of the Australian Information Commissioner (OAIC).
If you ignore this will it go away?
No. Failure to take reasonable steps before or after a breach can result in penalties of up to $360,000 for individuals and $1.8 million for organisations.
Where can I find more information?
Talk to us or see the OAIC website – https://www.oaic.gov.au/
Tech Precision Methodology:
Providing IT Solutions with integrity. We believe in developing a relationship of understanding with our clients. Being able to leverage technology so you, the client, receives outcome-based solutions helping you drive your business forward.
If you have any questions you would like to discuss Contact Us.