Subnet Blog

What You Need to Know About the New Mandatory Disclosure Laws

Written by Brett Lodge | 07 December 2017 01:04:07 Z

From February 2018, the Notifiable Data Breach (NDB) scheme comes into effect.

For businesses with an annual turnover of $3 million, this means strict new reporting requirements if a serious data breach occurs. Failure to comply can result in hefty fines for both the organisation and the individuals involved.

If the new mandatory disclosure laws affect your business, it’s important you fully understand your responsibilities and take steps now to ensure your sensitive data is secure.

Here, we’ll share the key points of the new legislation and provide some tips to help you make sure your organisation has the right security measures in place to minimise the risk of a data breach.

What is a Notifiable Data Breach?

The Federal Government’s Privacy Amendment (Notifiable Data Breaches) Act 2017 has established a Notifiable Data Breach (NDB) scheme in Australia. This means there are compulsory reporting requirements for organisations with an annual turnover of $3 million that are covered by the Australian Privacy Act 1988.

The new law comes into effect from February 22, 2018, and applies to any data breach that occurs on or after that date and is likely to result in serious harm to the people connected to the data. Examples of a serious data breach include a device containing your customers’ personal information being lost or stolen, or personal details your company holds being provided to a third party by mistake. Another scenario is your database being hacked and sensitive personal information being exposed.

What do I need to do if a data breach occurs?

Data breaches must be reported to the Office of the Australian Information Commissioner (OAIC) and to every individual who may be affected. Reports must be made within 30 days of the time your organisation first finds out, or has a reasonable expectation, that a data breach may have occurred.

If you fail to comply with the new laws, there are tough penalties. These include fines of up to $360,000 for individuals and $1.8 million for organisations.

How can I reduce the risk of a data breach?

When was the last time you looked at your security policy? Protecting your data with strong security policies and practices is an essential step in preventing the financial cost and loss of trust that a serious data breach can cause. If your systems are breached, the average downtime is 24 hours, which could be catastrophic for your business. A full security audit that includes penetration testing can pinpoint potential weaknesses so you can address them before a breach occurs.

It’s also important to provide ongoing cyber security training for your staff. When your team has the knowledge and expertise to use technology sensibly, the risk of a cyber-attack and the likelihood of a breach are greatly reduced. Encourage strong passwords and make sure you have a clear and current security policy in place. Your policy should provide guidelines and requirements for the use of all company systems, applications, email and devices, and be readily available for all employees to refer to as needed.

Act now to protect your data

To avoid the stress and potential financial losses that a data breach can cause, take action now. Organise an audit to assess your current position and address any weak spots. Train your staff to be cyber-smart, and create or revise your security policy so it is comprehensive. By acting now, you could save yourself and your organisation a great deal in the future.

If you lack the in-house expertise to manage your cyber security needs, outsourcing to an IT specialist is a worthwhile investment. They will conduct a security audit and provide guidance and assistance to plug any gaps. They can also provide cyber security training for you and your staff and help you create an effective security policy that guides your team.

Get a FREE security assessment

We’ve found that every time we do a security audit for prospects or clients, 100% of businesses present with a range of business-critical issues to be resolved.

If you’d like to find out how you can strengthen your cyber security to reduce the risk of a data breach in your organisation, why not take our FREE security assessment?
