Probably the most important blog post we’ll make this year: What you need to know about the new Australian mandatory data breach notification laws.
In a little more than two weeks time, on February 23rd 2018 all Australian Businesses with a turnover of 3 million dollars or more will be required to notify the Office of the Australia Information Commissioner of any significant data breaches. The new laws also apply to some smaller businesses such as those that handle health data.
Article sources:
https://www.computerworld.com.au/article/630028/100-days-until-mandatory-data-breach-notification-becomes-law/
https://blog.sonicwall.com/2018/01/preparing-for-notifiable-data-breach//
Who does the law apply to?
Almost every significant sized Australian business must comply with this new law.
The law covers most Australian government agencies, businesses with an annual turnover of at least $3 million, and some smaller organisations (such those that handle health data).
It doesn’t matter if you are a for-profit, governmental, or not-for-profit organisation – if you handle personal information then you are required to secure it and have in place a standard plan to notify impacted individuals in the event of a data breach. Basically, if your organisation collects any of the following you are impacted by the revised Privacy Act:
• Credit reporting or building data.
• Personally identifiable information.
• Tax data.
Is my data at risk?
Short answer: Yes. Let me explain with the use of this excellent infographic prepared by the good people at Sonicwall.
Steps you should take now
Many of you will already have polices and procedures in place to deal with a client data breach and those policies might only need a little bit of tweaking, for others a complete re-write of your policies and procedures might be on the cards. You should seek legal advice from a reputable business lawyer and probably get your HR advisers involved too.
One simple step you can take is to audit the data that you already collect from your customers and decide if it is all really necessary to keep it.
Of course prevention is always better than a cure, if you haven’t had your digital security systems recently audited now might be a good time. In most cases a combination of the following will not only make your business compliant with the new laws but also reduce the likelihood of a significant data breach:
- Reputable anti-malware software
- Strong password policies
- Two-factor authentication
- Staff training
- Well thought out policies and procedures
Your obligations in the event of a data breach
Should you discover that your sensitive data has made it’s way in to the wrong hands there are several steps you must take.
- Plug the leak.
- Notify those affected of the data loss.
- Notify the Australian Information Commissioner.
- Put permanent measures in place to prevent a similar breach in the future.
More information
An excellent article was published last year and can be found here: https://www.computerworld.com.au/article/630028/100-days-until-mandatory-data-breach-notification-becomes-law/
The Amendment can be found here: https://www.legislation.gov.au/Details/C2017A00012
Our Services
Our fixed price Managed IT Support Programs will increase your businesses competitiveness and efficiency with our I.T. Professionals on call for you 24/7.
Class leading response times ensure your that when things do go wrong we’ll be there in a hurry so you can get on with doing what your business does best.
Testimonials
The team at AWIT deliver nothing but breathtaking service!!!!
Brett
They’ve gotten to know our business so well and they’re truly interested in helping us. It’s like having our own I.T. Department in-house. Australia Wide I.T. takes a personal interest in our team, our business and where we’re going. They’re like family.
Other I.T. companies just didn’t seem to have the same depth of knowledge as these guys. Rather than blame the user (us) they go the extra mile, locate the problem and fix it – Every time!
Coral
Your work last week was amazing. You couldn’t have been more supportive or expert in your conduct. I am very grateful and am amazed at your generous invoicing of last week’s work. I can only repay you by recommending you to as many people as possible.
Thank you. It is refreshing to know that when a problem occurs, you are always there – with great service.
Keran
A very big thank you from me to all of the guys there….You make things so easy for us and are always available to help.
A massive shout out to the Nash though for fixing our printer – you nailed it Nash and not only changed MY life, but also helped to save some trees in the Amazon Forest!
Thanks to you all.
Jo
Our previous I.T. Service Provider was distant, hard to contact and not customer focused. With Australia Wide I.T. we now have great service with a human touch. Our calls are answered promptly and the team is always ready to help in any way.
The maintenance program put in place by AWIT offers us peace of mind that our entire system is correctly and closely monitored.
Monica
All good as usual, keep up the professional service.
Diana
We would recommend you to anyone, anytime.
Thank you all so very, very much for all your support. Not to mention bringing back my files to my Company. I cannot thank you guys enough.
Thanks again.
Leigh
Thanks for all your help today. Your patience & tenacity for solving the problem is greatly appreciated.
Jacinta
Very much appreciate your very quick response today. It was pay day today and I was a bit worried (that we wouldn’t be able to process the pays) but because of you all is well, so a big thanks.
Dale
My business has grown from 3 stores to 5 stores over the last 3 years; one of the unfortunate consequences of this has been the fact that our old server and network could not cope with the growth. After much deliberation we chose Australia Wide I.T. to not only arrange the supply and installation of our new network, but to also provide long term support. We have been very pleased with our decision and would happily recommend them.
Bruce