Upcoming Changes to Australian Privacy Laws – Is your business ready?
22 February 2018 will see the introduction of the Privacy Amendment (Notifiable Data Breaches) Act 2017. The legislation introduces a new mandatory reporting scheme for organisations that are affected by a data breach.
In today’s hi-tech environment, the storage and management of private information about customers and employees is often overlooked by busy owners and managers. Entering data into software programs or uploading it to the cloud is standard business practice, but have you considered your legal obligations relating to access to that data?
Data breaches occur in a number of ways and the Office of the Australian Information Commissioner (OAIC) has provided some examples of a data breach, these include:
If your business information is accessed by professionals in Eastern Europe or pizza-eating teenagers for a laugh, then you may be required to disclose that event, even if it impacts on your business reputation.
If organisations fail to comply with notification requirements under the new scheme, this will be a breach of the Privacy Act. If the failure to comply is ‘serious or repeated’, penalties of up to $2.1 million ($420,000 for individuals) may apply.
Australian Privacy Principle No. 11 requires organisations to take “reasonable steps” to protect the personal information they hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. Reasonable steps in these circumstances would include developing a data breach response plan.
If you are not sure whether your business is affected by the Privacy Act, then work through the checklist on the OAIC’s website at https://www.oaic.gov.au/agencies-and-organisations/business-resources/privacy-business-resource-10 or call your lawyer for more information.
If you would like any more information about how these changes may affect you, please do not hesitate to contact Mbt Lawyers.
You’re in expert hands!