
New data breach notification laws - do you have a plan?


In November 2017, HP researched 528 SMBs (10-99 employees) in Australia and found that 57% of them admitted to not undertaking any sort of IT security risk assessment in the last 12 months, despite a series of high-profile breaches in that time. That's 57% of businesses that had no idea how exposed their business was to a breach.

We can't stress enough how important it is to assess your business and make the positive changes necessary to ensure you're protecting your business - and your clients' personal information. If you don't, the implications and the financial cost can be very high.

By now you're probably well aware of the Australian Government's mandatory data breach notification laws that were introduced on the 22nd of February this year. The law now requires that if your business handles personal information of any kind, you need to have a process in place to notify any individual affected by a breach that could result in serious harm, should one occur. If you find yourself in this situation, you can:

Notify them directly

The best way to do this is the way you would normally contact these individuals, but the alternatives include:

  • Send an SMS and request that they visit your website for more information
  • Send an email with relevant details in relation to the breach (refer below for what should be included)
  • Contact them by phone

Publish a notification on your website

If you cannot contact everyone directly, you are required to publish a breach notification on your website and also promote this notification. You could do this via social media channels, news articles or advertisements to ensure you are proactively bringing attention to your data breach notification.

What information should be in a notification?

You must include the following information in your data breach notification:

  • the agency/organisation name and contact details
  • the kinds of personal information involved in the breach
  • a description of the data breach
  • recommendations for what steps you can take in response.

To better understand the reality every business faces, big or small, HP's videos below introduce you to the hacker's perspective, followed by the CEO's perspective on a data breach.

The hacker's perspective

  

The CEO's perspective

 

If you're even slightly nervous about data security and the risk of a breach in your business, our risk assessment is a great way to identify any vulnerabilities you may have and understand how you can better protect yourself. Please feel free to get in touch and schedule some time with our team. To reach us, call 02 4254 5444 or email us if you'd like our help.
