Most businesses must now report data breaches

Protecting your business data is no longer just common sense

The chances are that if you experience any form of data breach, then not only is your company's information at risk but you are also at risk of breaching the privacy act. It's often assumed that data breach only means being hacked by a sophisticated gang from a rogue nation trying to influence votes or steal national secrets; It is more often associated with the wrongful acquisition of personal information that is residing in the databases of small to medium-sized businesses.

From February 22nd this year, the federal government has amended the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988.  It now includes mandatory reporting if your business:

• Turns over more than $3M per year or;
• Is a credit reporting body or;
• Is a health service provider or;
• Is a Tax File Number recipient.

You might be surprised at what constitutes an eligible data breach and how a breach could occur. An eligible Breach refers to the unauthorised access, loss, or disclosure of personal information that could cause serious harm to the individual whose personal information was involved in the data breach.

"Serious harm" in this context, may include physical, psychological, emotional, financial or reputational harm.  This affects any business who holds personal information about their clients such as medical records or credit card details.

Examples of data breaches can be in the form of:

• Lost or stolen laptops or other mobile electronic devices.
• Database breaches from hacking.
• Physical access by an individual to unsecured document recycling.
• Unauthorised access to personal records by an employee.

Data security is an on-going issue for all businesses and this change to the privacy act has added another dimension to the responsibility of most businesses.

To notify of a data breach, visit the Office of the Australian Information Commissioner's (OAIC) website and fill in the "Notifiable Data Breach Form".  If a business fails to disclose a data breach on more than two occasions, the OAIC can seek a penalty of up to $21M.

Digital information loss is by far the hardest to protect against as hacking attempts can take place from anywhere at any time.  Simply clicking on the wrong email or visiting a compromised website can lead to your customer's data being leaked.

If you would like to discuss your computer and network security or if you would like to know more, please contact Loyal I.T. Solutions on 02-43370700 or email Michael Trimblett

LOYAL I.T.- We specialise in I.T. solutions for your business; providing software, hardware, networks, configurations, consulting and support for 15 years from our base on the Central Coast.