Mandatory data breach notification scheme

Cybercrime and its potential impact on business operations are well understood today, with reports about data breaches, malware attacks and email scams of all kinds making the news almost daily.

Businesses with websites, and that’s just about every business, hold data and information about customers. This sensitive information is at serious risk of being accessed by cyber criminals following a malicious cyber attack that results in a data breach.

The cost of data breaches to Australian business is staggering, running into the tens of millions of dollars, as detailed in a 2017 report produced by the security division of IBM.

What was once mainly a problem for big business now encompasses small and medium businesses of every description, with service providers at the top of the list of industries targeted.

Recent legislation means that it is now mandatory for any affected business to report a data breach to the government and its customers.

If a business suspects it has been subject to a data breach, it will be required to carry out an assessment within 30 days. If there are then reasonable grounds to believe a data breach has occurred, the business will need to notify the Australian Privacy and Information Commissioner, as well as all the affected individuals.

The government believes the new scheme will strengthen the protections afforded to everyone’s personal information, and will improve transparency in the way that the public and private sectors respond to serious data breaches. It will also give individuals the opportunity to take steps to minimise the damage that can result from unauthorised use of their personal information.

https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme

How to protect your business from the costs of a data breach

1. Businesses should take reasonable steps to make sure personal information about customers is held securely – including being equipped with a clear response plan in the event of a data breach.

2. Be sure to have sufficient cybercrime insurance to cover the cost to your business of any breach. Insurance can cover the cost of:

  • IT advice and services to ‘clean’ your IT system.
  • Loss of income due to interruption to your business.
  • Legal liability costs if an affected customer takes legal action.

3. Call us for more information. An affordable cyber insurance policy will free you to concentrate on running your business. The insurance will watch your back.