Changes are afoot, and if you are a business owner, it’s time to sit up and start paying attention to what you and your employees need to do to
avoid breaching the privacy laws. This is not something to be dismissed as scaremongering. It’s very real, with very real consequences.
Recently the Australian Parliament enacted the Privacy Amendment (Notifiable Data Breaches) Bill 2016. The upshot of this is that all Australian companies will
have to publicly reveal any data breaches. There are significant penalties for trying to sweep any mistakes under the carpet. An individual found to be involved
could be liable for as much as $360,000, and companies for just shy of $2 million. Even if the fines didn’t bankrupt your business, your reputation as
a business would be questionable.
Think this law probably doesn’t apply to you? Not so fast! Even charitable organisations will come under fire for data breaches. If your revenue is
more than $3m, it affects you. If your revenue is less than $3m and you fall into any of the following categories, it also applies to you:
• Companies that sell or purchase personal information, i.e. call centres, credit reporting, retail stores requesting credit checks.
• Educational institutes, from kindergartens and child care centres through to universities.
• Companies that handle personal details, including tax file numbers, financial information and health records.
What constitutes a data breach?
A data breach occurs if you accidentally disclose personal information, or someone gains unauthorised access to your systems (for example, Google Drive, Slack, Dropbox,
Cloud), and this could result in identity theft or fraud, shaming or discrimination that damages anyone’s character, or mental or emotional
upset.
In the unfortunate case a data breach does occur, you have 30 days to contact all customers that could be affected and recommend steps to take to protect
themselves. You must also notify the Government Privacy Commissioner.
How can I safeguard my employees and my business?
It’s imperative that all employees are trained on how to handle personal information and on their responsibilities. Make sure there are systems in place, if
there aren’t already.
Make an inventory of all the computer programs and systems your company uses, such as Amazon Web Services, Trello and any cloud-based storage, and of which record
systems are used to store personal and financial data.
Ensure you have up-to-date antivirus software, have security rules around who can access the data, and find ways to tell if there has been a breach.
Be prepared to handle a data breach should it occur. For example, write policies on how to handle a data breach and the steps involved if circumstances
arise. This must cover how to advise customers and who contacts the Commissioner.
If you need the expertise of IT professionals to ensure your systems are secure or to help with strategies to avoid data breaches, talk to Confod IT today.