Do you know what to do with a Data Breach?

Amendments to The Privacy Act 1988 took effect on 22 February 2018, otherwise known as Australia’s Mandatory Breach Notification Law. This means you’ll need to report any ‘eligible data breach’ to the Office of the Australian Information Commissioner (OAIC). Failure to comply with this legislation could result in a substantial fine or penalty.

Breaches of privacy from a cyber event can add enormous expense to a business.  Make sure you speak to one of our brokers today on 1300 799 422 to learn how Cyber Insurance can help protect your business.

Who does it apply to?

This new law will apply to all Australian Privacy Principal entities as defined by the Privacy Act 1988:

• Australian Government agencies
• Businesses with turnover over $3 million
• Not for profit organisations
• Health service providers
• Child care
• Education
• Businesses that sell or purchase personal information
• Organisations that handle health data
• Businesses and individuals who handle personal information.

What is a data breach?

• Unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals (affected individuals), or
• Where personal information of affected individuals is lost in circumstances that may give rise to unauthorised access or unauthorised disclosure.

What are you required to do if you have a data breach?

• You must conduct an assessment
• Alert OAIC (Office of the Australian Information Commissioner) within 30 days
• Notify affected individuals.

What steps do you need to take to prepare yourself for the changes in law?

• Know what data you capture and hold in your organisation and where.

What current security processes do you have in place?

• Make sure you have an incident response plan ready for management of a data breach.

For more information in respect to these changes, visit the OAIC website.

Call us for information on our Cyber Insurance on 1300 799 422.