On February 22nd, 2018, Australia’s new Mandatory Data Breach Notification Laws come into effect, creating a legal requirement to disclose information on any serious data breach, both to the affected individuals and to the Privacy Commissioner. The current penalties for non-compliance under this regulation range from $360K for an individual to $1.8M for a corporation, but it has been proposed to raise these amounts to $420K and $2.1M respectively, effective July 1, 2017.
Businesses that must comply include any organizations that are governed by the Privacy Act, including:
Additionally, it applies to specific types of businesses with a turnover of less than $3M, which include:
Individuals who handle personal information in the course of doing business (including insurance brokers, bankers, accountants, attorneys, and health insurance providers)
If you run a business, you need to be aware of your obligations under this new law. One part of this obligation could be to have a response plan. Failing to disclose a breach can leave individuals and businesses subject to significant fines for non-compliance. So what should such a plan look like?
While every plan needs to be tailored to the individual business needs, some common things to consider in your plan might include:
The legislation does vary across industries, so it is also worth checking with your relevant industry association as to what you may need to do. If you are in the financial or medical industries, you may also have additional obligations.
From an IT perspective, we believe that prevention is also imperative to reduce your risk.
There are a number of strategies and technologies that Atlas IT has put in place that can significantly reduce the likelihood of your systems being compromised. Some of the technologies we already deploy for our clients include:
There is no silver bullet: the threat landscape is constantly changing, and the rise of cryptocurrencies and ransomware is only adding fuel to the fire. However, if you combine all five of the items above, your systems will be harder to compromise, and an IT team may be able to mitigate any damage quickly, thus protecting your business.
If you would like help in formulating a Data Breach Response Plan, or in improving the security of your systems in response to this new law, please talk to your Atlas IT account manager or contact our sales team for further assistance.