Law Update: 4 Things You Should Know to Safeguard Your Business Data from Being Breached! 

Due to a new law enforced on the 27^th of February 2018, there will now be compulsory reporting of data breaches for most businesses. This is to ensure that businesses who hold certain information about their customers take reasonable steps to protect this information.

The new law will apply to most businesses that hold personal information including tax file numbers, medical records, and identification documents. The obligation on a business to protect such information extends beyond just your clients. It can apply to any personal information held about any individuals.

 Circumstances which constitute a data breach can include:

• unauthorised access to or disclosure of information; or
• the loss of personal information that could result in an unauthorised person accessing it.

However, for the law to apply, the data breach of personal information needs to have a possibility to result in serious harm to any of the individuals that the information concerns.

A breach could include:

• losing devices such as laptops and hard drives containing customers’ personal information;
• the hacking of a database with personal information;
• records stolen from unsecured recycling bins; and
• personal information being mistakenly given to the wrong person.

What should you do if a breach occurs?

If a breach occurs, you must prepare a statement and notify the Commissioner and then notify the individuals whose privacy has been breached. Serious and repeated breaches could result in a fine up to $420,000.

To adequately safeguard your business:

1. consider a privacy audit;
2. ensure staff are properly trained;
3. consider stricter employee access to information; and
4. ensure that your security software is up to date.

For more information, visit the OAIC’s  Data Breaches webpage or contact Fox & Staniland to find out how we can help you and your business if your business has been breached.