Due to a new law enforced on the 27th of February 2018, reporting of data breaches is now compulsory for most businesses. This is to ensure that businesses that hold certain information about their customers take reasonable steps to protect it.
The new law will apply to most businesses that hold personal information including tax file numbers, medical records, and identification documents. The obligation on a business to protect such information extends beyond just your clients. It can apply to any personal information held about any individuals.
Circumstances which constitute a data breach can include:
However, for the law to apply, the data breach of personal information must have the possibility of resulting in serious harm to any of the individuals that the information concerns.
A breach could include:
If a breach occurs, you must prepare a statement and notify the Commissioner, and then notify the individuals whose privacy has been breached. Serious and repeated breaches could result in a fine of up to $420,000.
To adequately safeguard your business:
For more information, visit the OAIC’s Data Breaches webpage or contact Fox & Staniland to find out how we can help you and your business if your business has been breached.