New laws, if passed, will require businesses that experience a data breach to notify the Australian Information Commissioner and any affected individuals that an unauthorised disclosure of personal information has occurred.
Cyber attacks and data breaches are becoming increasingly common in commercial life and will be experienced by most organisations at some stage. Now, under the proposed amendments to the Privacy Act 1988, certain businesses that fail to notify the Commissioner and affected individuals as soon as practicable may be exposed to hefty penalties.
Businesses and organisations that are considered "APP Entities" under the Privacy Act 1988 will be subject to the mandatory notification obligations if:
• there is unauthorised access to or unauthorised disclosure of personal information; and
• such access, disclosure or loss of personal information is likely to result in serious harm to any of the individuals to whom the information relates.
Providing notification of a data breach will likely result in significant negative publicity and scrutiny from the Commissioner. At Motus Legal, we have advised clients on policies and procedures that can be implemented to minimise the risk of a data breach occurring, as well as on responding to claims of breaches of privacy. However, businesses cannot entirely eliminate the risk that human error, a technology glitch or a malicious hack will cause a data breach.
It is therefore crucial that you act quickly if you become aware that a data breach has occurred or is likely to occur. Under the proposed amendments to the Privacy Act 1988, APP Entities that take effective remedial action before any serious harm occurs may be exempt from the costly mandatory notification obligations.
Get in touch with us at Motus Legal to find out how these new laws will affect your business and how we can help you manage data breaches before they occur.
The team at Motus Legal