
Mandatory privacy breach reporting

New laws, if passed, will require businesses that experience a data breach to notify the Australian Information Commissioner and any affected individuals that an unauthorised disclosure of personal information has occurred.
 
Cyber attacks and data breaches are becoming increasingly common in commercial life and will be experienced by most organisations at some stage. Now, under the proposed amendments to the Privacy Act 1988, certain businesses that fail to notify the Commissioner and affected individuals as soon as practicable may be exposed to hefty penalties.
 
Businesses and organisations that are considered "APP Entities" under the Privacy Act 1988 will be subject to the mandatory notification obligations if:
•    there is unauthorised access to or unauthorised disclosure of personal information; and
•    such access, disclosure or loss of personal information is likely to result in serious harm to any of the individuals to whom the information relates.
 
Providing notification of a data breach will likely result in significant negative publicity and scrutiny from the Commissioner. At Motus Legal, we have advised clients on policies and procedures that can be implemented to minimise the risk of a data breach occurring, as well as on responding to claims of breaches of privacy. However, businesses cannot entirely eliminate the risk that human error, a technology glitch or a malicious hack will cause a data breach.
 
It is therefore crucial that you act quickly if you become aware that a data breach has occurred or is likely to occur. Under the proposed amendments to the Privacy Act 1988, APP Entities that take effective remedial action before any serious harm occurs may be exempt from the costly mandatory notification obligations.
 
Get in touch with us at Motus Legal to find out how these new laws will affect your business and how we can help you manage data breaches before they occur.

 

The team at Motus Legal

 

Top 4 tips to become cyber resilient

Cyber security is an issue of increasing importance for organisations throughout Australia and the world. As businesses chase the undeniable benefits of going ever-more digital, the related cyber risks cannot be ignored.

It is now generally accepted in the business community that virtually all organisations will experience a cyber-related incident at some stage. Data breaches can lead not only to large civil penalties imposed on companies and personal liability for directors, but can also have a devastating effect on an organisation’s reputation. 

You should therefore view cyber security as not just a technical problem requiring technical solutions. As a key stakeholder in your business, you need to be proactive in implementing an effective management strategy to address cyber risk at all levels of your organisation. 

To enhance cyber resilience and succeed in the digital economy, you should at the very least adopt a strategy to: 
•    determine your business’ exposure to cyber risk, including with respect to its assets, supply chain, personnel, and response resources;
•    promote cyber security governance and raise awareness of cyber risks across your whole business;
•    assess and update your business’ policies and procedures, implement a data breach detection and response plan, and ensure your employees and contractors have the necessary training; and
•    review your business’ insurance policies and coverage.

Do not assume your business has satisfactory procedures in place to deal with cyber threats. Unfortunately, it is often only after a business has experienced a data breach and become exposed to the wide range of liabilities that it recognises the necessity of an effective cyber-resilience strategy. Don’t let that be you. Get ahead of cyber risk by reviewing the above for yourself, or ask the experts to help.

At Motus Legal, we have helped many of our clients beef up their privacy policies and security procedures, and have provided much-needed advice on data, privacy and security-related matters. Get in touch with us so we can help your business become cyber resilient.

The team at Motus Legal