In February 2018 the Notifiable Data Breaches Scheme came into effect. This new law requires Australian businesses to immediately notify the Office of the Australian Information Commissioner (OAIC) and any affected parties should they experience a significant data breach.

A data breach is when personal information is accessed or disclosed without authorisation, or otherwise lost. 

This law was designed not to protect the company that has experienced the breach but rather those people whose personal information has been released without their permission or knowledge. 

Does this apply to you?

If you, as a business, are required to comply with the Privacy Act (1988), then the Notifiable Data Breaches Scheme (NDB) applies to you. If you are one of the following, keep reading:

  • Australian Government agency health service provider 
  • Any business or non-profit organisation with annual turnover of $3M or higher 
  • Credit reporting body 
  • TFN recipient (You hold a Tax File Number in your systems) 

You will need to report if:

You discover there has been unauthorised access to, or disclosure of, personal information of one or more individuals,

OR 

Information has been lost that could be accessed by an unauthorised entity.
 

To put it simply, if you believe that, as the result of theft or loss of information, there is a risk of harm to any party involved, you are required to notify.

“Harm” includes financial/economic, emotional, physical, psychological or reputation harm. This applies even if someone’s name is not directly linked to the breached data. If the data can be used to identify and harm someone then you must report it. 

When do you need to notify?

If a breach occurs you must immediately contact the Office of the Australian Information Commissioner, identify your company, provide details about the definable breach and specifically detail what data has been released. 

Organisations are expected to have policies and procedures in place outlining the steps that must be taken in response to any privacy breach. This includes the role of staff when collecting, using, securing and disclosing customer information. A handy guide can be found here.   

The penalty for not notifying the OAIC and affected parties includes fines of $360,000 for individuals and $1.8M for organisations. Companies that repeatedly experience breaches and do nothing to further protect their data can face much higher penalties, even if they continue to report the breaches. 

How to prevent a breach

These new laws have been put in place to improve data security standards in Australian business. Similar to the General Data Protection Regulation (GDPR) of the EU, the focus is very much on the safety and security of your staff and customers. 

If you’re worried that you’re not doing enough to protect your precious data and prevent a breach, there are some important first steps to take. 

  1. Know your vulnerabilities
    You’ll need to understand all the ways hackers can access your information by identifying your points of weakness. This could be any number of tactics including malware threats, keylogging, phishing or spoofing. A little research goes a long way in protecting yourself. One overlooked point of vulnerability is wireless technology. With more of us working remotely we are putting our data at greater risk.
  2. Encrypt your data
    In today’s mobile world we are using wireless technology everywhere. We use it to enter passwords, send personal data and share confidential company information, all of which can leave us at risk. Every point in a wireless system is potentially vulnerable and without proper security measures in place, your information could be stolen. Use AES technology to minimise this risk.
  3. Secure hardware
    It seems obvious enough, but not all data breaches are performed by hackers. Many cyber-attacks occur when physical electronic equipment is stolen. Be sure to secure all hardware in the office with lock ports, and when working on-the-go be sure to properly secure your laptops and devices at all times.
  4. Make security a part of everyday business
    Your staff must be made aware that their own behaviour can put the company at risk. Educate employees about the possibility of cyber-attacks and ensure they are always on the lookout. Hackers have all kinds of ways of breaching security and an individual’s desktop can be a great place to start, with tactics as simple as an innocent email attachment.

Set up clear rules around internet use in the office and make sure staff are educated about what emails are safe to open and what they should be suspicious of. Keep security top of mind with regular email reminders and briefings regarding cyber-security in the office. 

AES technology for data protection

Advanced Encryption Standard (AES) is an international standard for the encrypting and decrypting of data. Any time a device equipped with AES is used, the built-in AES technology works automatically to protect your information.

Keyboards
Wireless keyboards transmit information over the air, which creates a point of weakness. A cyber-thief can easily intercept keystrokes and gain access to passwords and other vital information. AES encrypts your keystrokes before transmitting them to your PC or other devices.

USB Drives
A PIN or password is set up when an encrypted USB is first used. This means that without the PIN the information is encrypted and unreadable. As soon as you enter your PIN your information is instantly decrypted and available for you to access. The computer or device you have used will have no trace of the data, or the PIN details, once you have safely removed the USB, further protecting you from information theft.

Play it safe

You may not think too much about data security breaches but that’s exactly the point of this new scheme. By having some basic security measures in place, you can save yourself from potentially damaging attacks as well as avoiding the loss of data and release of sensitive information.  

The data breach notification laws are there to protect people, but they’re also a good reminder for businesses to stay on top of their security and technology.
