You had better be ready, Mr or Mrs Business Person, because new data breach rules come into effect from 22 February 2018. These rules place an onus on businesses to protect, and to notify, individuals whose personal information is involved in a data breach that is likely to result in serious harm.
Regardless of how good your existing systems are, data breaches are a reality, whether through human error, mischief, or simply because those looking for ways to disrupt are often one step ahead. But it’s not all about IT: there have been numerous cases of hard-copy records being disposed of inappropriately, employees letting viruses into servers after opening the wrong email, and sensitive data on USB drives lost on the way home.
Just last year, almost 50,000 employee records from Australian Government agencies, banks and a utility were exposed and compromised because of a misconfigured cloud-based ‘Amazon S3 bucket’. AMP was reportedly one of the worst affected, with 25,000 leaked employee records.
The Notifiable Data Breach (NDB) Scheme affects organisations covered by the Privacy Act – that is, organisations with an annual turnover of $3 million or more. But if your business is ‘related to’ another business covered by the Privacy Act, deals with health records (including gyms, child care centres, natural health providers, etc.), or is a credit provider, etc., then your business is also affected (see the full list). Special responsibilities also exist for the handling of tax file numbers, credit information and information contained on the Personal Property Securities Register.
What you need to do
It’s important to keep in mind that complying with these new laws means more than notifying the individuals in your database when something goes wrong. Organisations are required to take all reasonable steps to prevent a breach occurring in the first place, to put in place the systems and procedures to identify and assess a breach, and to issue a notification if a breach is likely to cause ‘serious harm’.
As I type, we here at Paris Financial are complying, and it requires you to look at your whole Risk Minimisation Plan, which is of the utmost importance.
So contact your IT specialist and MAKE SURE you comply. If you would like to chat about what we are doing, don’t hesitate to contact me here at Paris Financial.
Pat Mannix, Partner, Paris Financial