From 23rd February 2018, the Privacy Act 1998 has been amended to include the Mandatory Data Breach Notification Law.
This law will make it compulsory for all data breaches relating to personal data to be reported to the Australian Information Commissioner (OAIC).
Previously, businesses were only encouraged to report data breaches and weren’t legally bound to report/inform customers.
The new data breach law affects every organisation with an annual revenue over $3,000,000 and any smaller business (under $3,000,000) that handles personal information.
Businesses will have a 30-day timeframe from the time they become aware of the breach to assess whether an incident is an ‘eligible data breach’, and if so, report it to the OAIC.
Failure to act and report a breach will see fines and penalties up to $360,000 for individuals and $1,800,000 for organisations.
More information is available at the following link: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme
Some key points for consideration:
- Australia faced over 10 million cyber attacks in 2017 (Deloitte consulting Services Study)
- 19%, or 400,000, of 2.1 million Australian SMEs have had a cyber attack (Norton SMB Cybersecurity Survey)
- SME – companies employing less than 20 staff, or turnover up to $5,000,000
- 60% of Australian cyber attacks target SMEs (which lack the resources to invest in security)
- Over one million new pieces of malware (i.e. viruses) are created every day
Call our office on 1300 797 830 or email email@example.com to arrange a cyber insurance quote.