
Data breach notification

Laura Serra | Data Protection


Mandatory data breach notification scheme in Australia

The Privacy Act of 1988 regulates the way personal information must be handled. The Bill 2016 was amended in order to introduce mandatory data breach notification provisions and was accepted by the government in 2017.

It is now compulsory for any private organisation in Australia or Norfolk Island to report a suspected data breach within 30 days.

A data breach consists of unauthorised access to, disclosure of, or loss of personal information. Any such data breach must be reported to the Office of the Australian Information Commissioner.

If the breach is not reported by the relevant organisation, the Commissioner can impose a civil penalty of up to $1.8 million for organisations. Individuals can be charged up to $360,000.

Government agencies, universities, schools, media organisations and registered political representatives are excluded from the act.

The Privacy Amendment (Notifiable Data Breaches) Bill 2016 will come into effect later this year.

Mac Thompson, the CEO of CloudRecover, commented the following:

“I am glad that Australia has adopted a mandatory data breach notification law. It will force many businesses to use adequate measures to secure their sensitive data. Last year more than one million personal and medical records of Australian citizens in some high profile cases were exposed online. This is just not acceptable any more.”

Although the mandatory data breach notification scheme is not yet operative, a prudent response from businesses is required. They need to start preparing for compliance today and reviewing their privacy and data security policies for handling sensitive information.

Preventing security breaches using guides and technology

Here are some suggestions on how to prevent data breaches:

1) Download the following guides by The Office of the Australian Information Commissioner (OAIC).

Timothy Pilgrim, the Australian Privacy and Information Commissioner, said:

“My office will be working closely with agencies and businesses to help prepare for the scheme’s commencement. This will include providing additional guidance over the next 12 months, and events hosted by the OAIC’s Privacy Professionals Network”.

Then, he added:

“In the meantime, agencies and businesses should continue to take reasonable steps to make sure personal information is held securely – including being equipped with a clear response plan in the event of a data breach”.

2) Consider using enterprise encryption software

Using file encryption software such as FinalCode, organisations retain granular control over sensitive information, no matter where it is stored or sent. In-depth reporting and auditing functionality is also included, so organisations receive greater visibility into their information security.

3) Use a managed backup and recovery service

A managed backup provider offers an additional layer of information security, including encrypted storage of offsite backup data. A managed service provider can use economies of scale to deliver services using best-of-breed technologies, offering a more cost-effective solution than managing them in-house.

There are other advantages of outsourcing the IT infrastructure.

Mac Thompson, CEO of CloudRecover, notes the following:

“Offsite backups can represent an additional layer of risk for data breaches if they are not configured and managed properly. Organisations should always make sure that offsite data is encrypted at rest and in transit. Choosing a PCI or FIPS 140-2 compliant backup solution is a great starting point to achieve this.”

4) Work with your trusted IT Provider

Working with an experienced service provider is a sensible choice. They can analyse your current IT infrastructure and provide advice to build data security processes and technologies that best fit the requirements.

Read more about additional tips on how to prevent data breaches.

 

Publisher: CloudRecover
