For those who are unaware, a new law known as the Notifiable Data Breach Scheme came into effect on the 22nd of February 2018.

The new law affects businesses and not-for-profit organisations with an annual turnover of $3 million or more that have been involved, or suspect they have been involved, in a data breach.

The list below shows organisations affected by the new law; it is not exhaustive:

  • Australian Government Agencies.
  • Businesses with an annual turnover over $3 million.
  • Not for Profit organisations with an annual turnover over $3 million.
  • Private Sector Health Service Providers.
  • Credit Reporting Bodies.
  • Credit providers.
  • Entities that trade in personal information.

Tax File Number recipients are also covered, which includes small businesses under $3 million in turnover, but only for Tax File Number breaches.

Failing to notify both the people whose private information has been breached and the Office of the Australian Information Commissioner can leave you on the hook for fines of up to $2.1 million.

If you suspect a data breach has occurred, you have 30 days from the date you found out to complete an investigation.

We understand this is daunting, so here are a few helpful tips to help you protect yourself:

  • Invest in a multi-layered cyber security solution for your firm. Call the office or submit the form on the page to book an independent 3rd party assessment.
  • Modify your data breach response plan if you have one; if not, let us help you put one in place.
  • Ensure your contracts with 3rd party suppliers include provisions for which party is responsible for a breach, or whether both are.
  • Look at implementing user awareness training on cyber security.
  • Ensure data security is given high priority.

Want more help with your business investment and making sure you're protected from cyber threats? Click the button below to book your free cyber security risk assessment TODAY.