Do you know what to do with a Data Breach?

Data Breach

The Privacy Act amendments, otherwise known as Australia’s Mandatory Breach Notification Law, will take effect on 22 February 2018. This means you’ll need to report any ‘eligible data breach’ to the Office of the Australian Information Commissioner (OAIC). Failure to comply with the new legislation could result in a fine of as much as $1.8 million for an organisation, or up to $360,000 for an individual.

Breaches of privacy from a cyber event can add enormous expense to a business. Make sure you speak to one of our brokers today on 1300 799 422 to learn how Cyber Insurance can help protect your business.

Who does it apply to?

This new law will apply to all Australian Privacy Principle entities as defined by the Privacy Act 1988:

  • Australian Government agencies
  • Businesses with turnover over $3 million
  • Not-for-profit organisations
  • Health service providers
  • Child care
  • Education
  • Businesses that sell or purchase personal information
  • Organisations that handle health data
  • Businesses and individuals who handle personal information.

What is a data breach?

  • Unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals (affected individuals), or
  • Where personal information of affected individuals is lost in circumstances that may give rise to unauthorised access or unauthorised disclosure.

What are you required to do if you have a data breach?

What steps do you need to take to prepare yourself for the changes in law?

  • Know what data you capture and hold in your organisation and where.

What current security processes do you have in place?

  • Make sure you have an incident response plan ready for management of a data breach.

For more information on these changes, visit the OAIC website.

Call us for information on our Cyber Insurance on 1300 799 422.