Mandatory Data Breach Reporting – are you ready?
Make a note in your calendars – the 22nd of February 2018 marks the enforcement date of the long-anticipated mandatory data breach notification system.
Previously there was a set of guidelines advising companies on how to escalate such incidents. While some companies have referred to these guidelines when a breach occurred, they were never binding by law.
The Privacy Amendment Act was passed by the Senate in February 2017 and now requires organisations to follow a stringent set of reporting processes for notifying affected parties who are victims of an eligible data breach at the hands of the subject business or organisation.
What are the key points of the bill?
The bill defines an eligible data breach as a breach that will likely result in “serious harm to any individual to whom the information relates”, e.g. cyber-attacks or leakage of customers’ personal information.
As part of the legislative provision, an assessment will be conducted to establish whether “an eligible data breach” has occurred and to determine the severity and degree of harm affecting the injured party. If the assessment concludes that such an event of serious harm has occurred, then the entity must report to the Privacy Commissioner and notify the affected parties as soon as they become aware of the breach.
Who will this affect?
The data breach notification law affects all Australian businesses that are subject to the Australian Privacy Act. This includes all commercial entities as well as not-for-profit organisations that have been entrusted with personal or sensitive information.
What does it mean for financial services companies?
As all businesses that provide financial services hold an Australian Financial Services License (AFSL), financial services organisations will face more serious implications. If they are found to be negligent and to be using cloud security that is located outside of Australia, it could result in their license being revoked.
To avoid the headache, AFSL holders are urged to ensure their cloud services are with a trusted Australian IT service provider. That’s why it is pertinent to choose a reputable, secure cyber security provider. FocusNet Technology can assist your business to get in line with your given industry compliance regulations. Get in touch now for further information, because can you really afford to take the risk?