From 22nd February 2018, Mandatory Breach Reporting Legislation came into effect, with penalties for non-compliance ranging from $340,000 for individuals to $1.7 million for companies.
The obligation to report any cyber breach or breach of privacy under this legislation applies to companies with a turnover in excess of $3,000,000, OR to companies below this threshold if they have elected to “Opt In” to the Australian Privacy Principles (which can be triggered as easily as collecting tax file number information, outsourcing payroll, etc.).
Whilst some companies have taken huge strides in strengthening their digital defences, overall the situation is one of underinvestment, especially among smaller businesses. The thinking appears to be that a cyber attack is “unlikely” to ever happen to them and, as a result, many businesses have elected to “Self Insure” to some extent against this risk. Previously, any breaches could have been handled privately and internally, protecting your business and its reputation.
This legislation obliges a company to inform individuals if their personal information is involved in a data breach that could result in serious harm. Furthermore, eligible breaches must also be notified to the Office of the Australian Information Commissioner (OAIC). For further information, you can refer to their website at https://www.oaic.gov.au/
Whilst many companies have security around hard copy files, laptop computers, mobile phones and other equipment issued to your employees can also be exposures to your business. For example, if one is simply lost, without any password protection, what identifiable personal information would the “finder” have access to?
Organisations that do not adequately protect sensitive data, be it in hard copy or soft copy format, will be in the spotlight and could face substantial fines and penalties, legal action and, now, damage to their brand and reputation.
There are insurance policies that can protect your business against the potential expenses of fines and penalties, investigation and reporting, and that provide assistance to reduce any damage to your reputation should the reporting of such a breach end up in the media.
Should you require further information, please speak to your Account Manager.