An update to Australian Mandatory Data Breach Legislation
Australian Mandatory Data Breach Legislation
Business Preparation and Response Guide
With penalties of up to $360,000 for individuals and $1.8 million for organisations, the impact of a breach on Australian businesses can be devastating.
WHO DOES THIS LAW APPLY TO?
Effective 22 February 2018, the Privacy Act 1988 includes mandatory data breach notification requirements. In summary, the Privacy Amendment (Notifiable Data Breaches) Act 2017 requires all relevant organisations to:
2. Notify all affected customers
WHAT IS A DATA BREACH?
A data breach occurs when personal information held by a business is lost, stolen or subject to unauthorised access, such as a server hack. Examples of such information include customer databases, staff personal information, tax information and credit card details.
ARE YOU PREPARED?
Here is a checklist on how to prevent a data breach:
- Limit the places you store data by consolidating it
- Delete old, irrelevant data and properly dispose of old hard drives and physical technology that might have personal records.
- Invest in Cyber Liability Insurance, which covers the cost of the breach, business interruption and the cost of damaged systems, plus much more coverage detailed below.
- Train your employees on proper email and password security
- Replace outdated software, technology and patches with new, more secure versions.
- Hire an IT security consultant to perform a security audit at your company.
- Write a Data Breach Response Plan
- Reduce bring-your-own-device (BYOD) liability by limiting the access employees’ personal devices (e.g., mobile phones) have to your business network
- Change laptop and mobile device settings to encrypt data when you are logged out.
- Review state and industry regulations concerning data security and the protection of customers’ financial, medical, or personal information.
IN THE EVENT OF A DATA BREACH, CYBER LIABILITY INSURANCE WILL COVER:
- Forensic costs for experts to come in and see what went wrong
- Legal Fees
- Costs to notify affected individuals and regulators
- Costs to set up call centres.
- Credit monitoring for the affected parties
WHAT ELSE IS COVERED BY CYBER LIABILITY INSURANCE?
- Reimbursement of ransom demands
- Cyber crime, including social engineering, phishing and phreaking
- Cost to repair IT systems and data
- Business Interruption
- Third party claims from a failure to keep data secure, inadvertent transmission of a virus and claims arising from the content of your website or emails
CONTACT US FOR A CYBER LIABILITY QUOTE