For those that are unaware, back on the 22nd of February 2018 a new law came into effect known as the Notifiable Data Breach Scheme.

The new law affects businesses and not-for-profit organisations with an annual turnover of $3 million or more that have been involved, or suspect they have been involved, in a data breach.

The list below shows the organisations affected by the new law; it is not exhaustive:

  • Australian Government Agencies.
  • Businesses with an annual turnover over $3 million.
  • Not-for-profit organisations with an annual turnover over $3 million.
  • Private Sector Health Service Providers.
  • Credit Reporting Bodies.
  • Credit providers.
  • Entities that trade in personal information.
  • Tax File Number recipients, which includes small businesses under $3 million in turnover, but only for Tax File Number breaches.

Failing to notify both the people whose personal information has been breached and the Office of the Australian Information Commissioner can leave you on the hook for fines of up to $2.1 million.

If you suspect a data breach has occurred, you have 30 days from the date you became aware of it to complete an investigation.

So what can you do to help protect yourself?

  • Invest in cyber security solutions for your business; we would be happy to advise you on what you need to invest in.
  • Modify your data breach response plan if you have one; if not, let us help you put one in place.
  • Ensure your contracts with third-party suppliers include provisions stating which party, or whether both parties, is responsible for a breach.
  • Look at implementing user awareness training on cyber security.
  • Ensure data security is given high priority.

Want more help with your business investment and making sure you're protected from cyber threats? Click the button below to book your free cyber security risk assessment TODAY.
