Australia's Notifiable Data Breach Scheme
In 2017 there was a significant increase in the number of data breaches and cyber criminal activity. The most notable was the Wannacry exploit and then the disclosure by Uber late in 2017 of their systems which were hacked by cyber criminals. While Uber’s hack was in 2016, the information became public knowledge only in 2017 – and this in a way meant that people who may have had their personal data stolen or exposed to cyber criminals – were unware for almost a year.
To ensure companies maintain sound security practices related to digital information stored in their systems, the governments around the world are taking steps to ensure companies have to disclose when a data breach takes place and potential loss of confidential data of their customers.
In Australia, the Senate passed the Privacy Amendment (Notifiable Data Breaches) Bill 2016. From 22 February 2018, retail businesses with an annual turnover of $3 million or more, or who trade in personal information, will be required to comply with the Notifiable Data Breaches (NDB) scheme.
Under the NDB scheme, these organisations must notify individuals affected by a data breach which is likely to result in serious harm. The Australian Information Commissioner must also be notified.
Failure to comply with the new Data Breach Notification Laws will fall under the Privacy Act’s existing enforcement and civil penalty framework.
Potential Penalties
Data Privacy Monitor also provides specifics into the penalties that can arise from failure to notify affected parties. Penalties for individuals can be up to $360,000 and companies can be fined up to $1.8 million.
Carrying steep fines, the new Data Breach Notification Laws definitely aren’t something to take lightly.
Even one offence could have a crippling effect on a company in terms of financial and reputational damage.
This shows just how serious the Australian government is about improving cyber security and cracking down on data breaches.
Lake Corporation provides Cyber security solutions addressing the core pillars to ensure a robust cyber resilient environment is implemented. The approach is by implementing best practices related to technology, processes and user awareness.
Pushkar Taneja, Managing Director of Lake Corporation, is a strong advocate of ensuring Lake’s customers operate in a secure cyber environment. Pushkar is available to provide guidance to board members and senior management to implement best practices related to Cyber Security.
Contact: Pushkar Taneja
E: Pushkar.taneja@lakecorp.com.au
P: +612 9958 6166