Mandatory Data Breach in Effect
The Privacy Amendment (Notifiable Data Breaches) Act 2017 has been in effect since 22 February 2018. Organisations with a turnover of $3 million or more now fall within the scope of the new Privacy Act measures, which require mandatory notification of cyber security breaches.
The law requires organisations to notify affected individuals and make a report to the Privacy Commissioner where a data breach that could cause ‘serious harm’ has occurred. Serious harm refers to physical, psychological, economic or financial harm; it does not include individuals merely being upset or distressed.
Examples of a data breach include:
Under the new laws, those in charge of compliance must ensure that policies and procedures are in place so that the responsible staff can respond to any potential eligible data breach within the required time: identifying the breach, taking action to remedy it, and notifying the affected parties.
This is a fundamentally new set of provisions compared with what was in place before, and it places significant emphasis on businesses that handle customer and client data to ensure they operate within a cyber secure environment.
As with many things in life, prevention is the best protection against a privacy breach. Investing in IT security and staff education to lower the risk of a data breach will reduce the likelihood of your organisation needing to respond to a notifiable breach.
Should you have any questions in relation to this matter or would like additional information, please call your relevant ESV engagement partner on 02 9283 1666.