As of 22/2/2018, new data breach notification requirements apply under the Privacy Act (the Notifiable Data Breaches scheme), and they have serious implications for businesses and their reputations.
These laws were devised to protect customers and their data, to ensure that companies handle that data responsibly and maintain best practice, and to enforce correct reporting procedures in the event of a data breach.
They apply to you if, for example, you (the list is not exhaustive or definitive and you should obtain formal advice):
- operate a business with an annual turnover of $3 million or more
- are a health service provider, including medical practices, dental practices, pharmacists, physiotherapists, psychologists, and so on
- are a credit reporting body
- are a TFN (tax file number) recipient, e.g. an employer
- disclose or collect personal information in exchange for a benefit, service or advantage
Significant penalties (up to $1.8 million) may apply for non-compliance with the notification requirements.
Even if you are not subject to the Privacy Act, you may be under other obligations to protect data or maintain confidentiality.
All businesses should apply best industry practice in the handling and security of their data and information to mitigate the risk of a breach.
Australian Signals Directorate (ASD) Essential Eight strategies to mitigate cyber security incidents include:
- Configure Microsoft Office macro settings
- User application hardening
- Restrict administrative privileges
- Patch operating systems
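The following is an added example, not part of the original page and not an ASD tool: a read-only PowerShell audit that checks a single Windows host against the four strategies listed above. It assumes Microsoft 365 or Office 2016 or later (registry version key 16.0), that macro policy is applied per user under HKCU:\Software\Policies, and that it is run from an elevated session so local group membership, Windows optional features and hotfix history can be read. The baseline values $ExpectedAdmins and $MaxPatchAgeDays are assumptions to replace with your own; the PowerShell 2.0 check is one of several user application hardening controls and is used here as a representative, not a complete, test. The result is an indicator for a single machine, not an assessment against the full Essential Eight maturity model.

```powershell
# Added example (not from the original page): read-only audit of the four
# Essential Eight strategies listed above on one Windows host.
# Assumptions: Office 16.0 registry path; per-user macro policy under HKCU;
# elevated session; $ExpectedAdmins and $MaxPatchAgeDays are a sample baseline.

$OfficeVersion   = '16.0'
$OfficeApps      = 'Word', 'Excel', 'PowerPoint'
$ExpectedAdmins  = @('Administrator')   # assumed baseline: accounts meant to be local admins
$MaxPatchAgeDays = 30                   # assumed threshold for "patched recently"

# 1. Configure Microsoft Office macro settings.
#    VBAWarnings: 1 = enable all, 2 = disable with notification,
#    3 = disable except digitally signed, 4 = disable without notification.
#    blockcontentexecutionfrominternet = 1 blocks macros in files from the internet.
function Get-MacroPolicy {
    foreach ($app in $OfficeApps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue   # $null if no policy set
        [pscustomobject]@{
            App                 = $app
            VBAWarnings         = $p.VBAWarnings
            BlockInternetMacros = $p.blockcontentexecutionfrominternet
            Compliant           = ($p.VBAWarnings -in @(3, 4)) -and ($p.blockcontentexecutionfrominternet -eq 1)
        }
    }
}

# 2. User application hardening (representative control): the legacy
#    PowerShell 2.0 engine should be disabled or removed.
function Get-PowerShellV2State {
    $f = Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Feature   = 'MicrosoftWindowsPowerShellV2'
        State     = if ($f) { $f.State } else { 'NotPresent' }
        Compliant = (-not $f) -or ($f.State -ne 'Enabled')
    }
}

# 3. Restrict administrative privileges: list local Administrators (well-known
#    SID S-1-5-32-544, so the check works on localised Windows) and flag any
#    member not in the expected baseline.
function Get-LocalAdminFindings {
    $members    = Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.Name -replace '^.*\\' }
    $unexpected = $members | Where-Object { $_ -notin $ExpectedAdmins }
    [pscustomobject]@{
        Members    = $members -join ', '
        Unexpected = $unexpected -join ', '
        Compliant  = -not $unexpected
    }
}

# 4. Patch operating systems: age of the newest installed hotfix.
#    Get-HotFix reads Win32_QuickFixEngineering, so treat it as an indicator,
#    not proof that every available update is installed.
function Get-PatchAge {
    $latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    $age    = if ($latest) { (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days } else { $null }
    [pscustomobject]@{
        LatestHotFix = $latest.HotFixID
        InstalledOn  = $latest.InstalledOn
        AgeDays      = $age
        Compliant    = ($null -ne $age) -and ($age -le $MaxPatchAgeDays)
    }
}

# Run all four checks and print one table per strategy.
$report = [ordered]@{
    'Configure Microsoft Office macro settings' = Get-MacroPolicy
    'User application hardening'                = Get-PowerShellV2State
    'Restrict administrative privileges'        = Get-LocalAdminFindings
    'Patch operating systems'                   = Get-PatchAge
}
foreach ($control in $report.Keys) {
    Write-Host "== $control =="
    $report[$control] | Format-Table -AutoSize | Out-String | Write-Host
}
```

Run it as `.\Audit-EssentialFour.ps1` from an elevated PowerShell prompt on the workstation or server being checked; any row with Compliant = False points at the specific setting, group member or patch age that needs attention. Because it only reads registry, feature and group state, it is safe to run repeatedly and to schedule across a fleet, but it does not change anything: remediation (setting the macro policy by Group Policy, removing the extra administrators, installing updates) is a separate step.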