What can we learn from the Notifiable Data Breaches scheme?
We’re now 9 months on from the commencement of the Notifiable Data Breaches (NDB) scheme. Taking effect on 22 February this year, the NDB scheme made obligations to report data breaches more stringent and exposed businesses to the possibility of huge fines for non-reporting of breaches.
Further to this, individuals whose personal information has been compromised may initiate proceedings to recover damages beyond those specified in the Privacy Act 1998 (Cth).
Be warned – a breach of data will now result in more than a loss of reputation and a nasty social media backlash.
So what lessons can be learned from almost one year of the scheme being in place?
According to its most recent quarterly statistics report, the Office of the Australian Information Commissioner (OAIC) has been notified of 245 data breaches affecting personal information between July and September 2018. 57 per cent of incidents were caused by malicious or criminal attack, and 37 per cent resulted from human error.
Whilst malicious or criminal attacks have increased as a source of incidents, mistakes and errors remain a major issue for businesses. Off the back of the report, the OAIC has signalled to business that not only do ‘they need the right cyber security in place, but they also need to make sure work policies and processes support staff to protect personal information every day’.
Considering the reputational damage and loss of customer goodwill that a data breach may cause for businesses, this is something that should be at the forefront of your thinking.
What can you do to minimise the risk of a data breach?
• Develop policies in line with the NDB scheme, and always seek legal advice to ensure that your business is compliant
• Implement relevant training for employees, management and your Board
• Know what to do when there is a potential data breach, and how this may be handled through social media.
• Partner with a trusted document destruction company to ensure company data is always destroyed securely
Confidential Shredding Co can help your business comply with the provisions of the Privacy Act. Call us on 1300 788 719 for a free no obligation quote or click here to order online.
The OAIC has produced a Data breach preparation and response guide for businesses with obligations under the Privacy Act.