Mandatory Data Breach Notification laws are coming…are you ready?

Data Breaches, Data Security

22/02/2018

The Mandatory Data Breach notification scheme in Australia has come into effect today. The new scheme will strengthen the protections afforded to everyone’s personal information and will improve transparency in the way that the public and private sectors respond to serious data breaches.

This legislation is a new way of putting data first and companies will be able to prioritise their existing information security programs of work around what is considered to be Personal Identifiable Information (PII).

Who do the changes apply to?

The changes apply to Commonwealth Government agencies and private sector organisations who are currently subject to the Australian Privacy Principles under the Privacy Act.

This includes private sector organisations, including not-for-profits, with annual (group) turnover of more than $3 million. It also includes small businesses that may be earning $3 million or less where they are health service providers involved in trading in personal information, contractors that provide services under a Commonwealth contract or credit reporting bodies, amongst others.

Entities already exempt from the operation of the Australian Privacy Principles remain exempt from the changes.        

For example, the changes apply to private schools or companies with a turnover of more than $3 million per year, but not to local councils or state government agencies.

What are the fines that an entity might face if it is subject to an eligible data breach?

Where an entity experiences an eligible data breach, the occurrence of that data breach in and of itself is unlikely to result in the entity facing penalties. Rather, a failure to report an eligible data breach will be considered an interference with the privacy of an individual affected by the eligible data breach. Under the Privacy Act, this means that a failure to notify affected individuals of an eligible data breach could be the subject of a complaint to the Privacy Commissioner.

Serious or repeated interferences with the privacy of an individual can give rise to civil penalties of up to $2.1 million. (We note that company directors or management will not be personally liable for such serious or repeated interferences.) The biggest impact is expected to be on reputation and the ability of the company to acquire new customers and keep the current customer base due to lack of trust in its ability to protect the information assets of its customers.

Are there any new rules relating to the security of personal data introduced by the changes?

There are no new requirements regarding the security of personal data. However, the changes primarily supplement Australian Privacy Principle 11 which requires entities who hold personal information to take reasonable steps to protect personal data from misuse, interference and loss, and from unauthorised access, modification or disclosure.

How can Ground Labs help?

Ground Labs have developed and commercialised a software that searches for all sensitive information within the network identifying all personal information data types and allowing the organisation to gain complete control over their information assets. The solution will not only identify but also allow the company to remediate any inappropriately stored sensitive information and allow the management team to make a data-driven decision in how to manage the information assets of the organisation.

Enterprise Recon is a worldwide recognised technology that assists with implementation and maintenance of major cybersecurity standards and regulations in Australia and across the globe such as PCI DSS, Australian Privacy Principles, HIPAA, Cyber Security Framework by NIST, IRAP, VPDSS and GDPR.

Marketing Ground Labs

Author
marketing@groundlabs.com

We are a sensitive data discovery company with operations globally. Our software helps companies of all sizes discover, remediate and monitor sensitive personal data across on-premises storage and in the cloud to meet global data compliance standards such as PCI DSS and GDPR.

Stay ahead of hackers

Sign up for our monthly security
newsletter and stay ahead.



Copyright © 2019 Ground Labs Pte Ltd – All rights reserved | Legal | Privacy | EULA

It's time to find your data

Products

What kind of data do you want to protect?

Choose the software that matches your requirements. 1 or 100,000 systems? We have the products to help you.

Enterprise Recon

5 – 100,000 Systems
Enterprise-ready solution
priced for organisations of any size.
Includes PCI, GDPR, HIPAA and more.

Check Out Enterprise Recon

Card Recon

1 – 5 Systems
Stand-alone tool for manual
PCI scanning on single machines.

Check Out Card Recon

Resource Centre

Resources-image

Want to learn more?

Visit these pages for product support, knowledge base, case studies, events and more.

Support

Have a question or
looking for Docs?
Our dedicated support team are here to help.

Get Support

Case Studies
& White Papers

Detailed case studies from some of our current customers.

Learn more

Blog

Stay up-to-date with recent cybersecurity trends and topics.

Stay Up To Date

Events

We have a global events structure in place, click below to see where we are next.

Meet us

It's time to find your data

Products

What kind of data do you want to protect?

Choose the software that matches your requirements. 1 or 100,000 systems? We have the products to help you.

Enterprise Recon

5 – 100,000 Systems
Enterprise-ready solution
priced for organisations of any size.
Includes PCI, GDPR, HIPAA and more.

Check Out Enterprise Recon

Card Recon

1 – 5 Systems
Stand-alone tool for manual
PCI scanning on single machines.

Check Out Card Recon

Resource Centre

Resources-image

Want to learn more?

Visit these pages for product support, knowledge base, case studies, events and more.

Support

Have a question or
looking for Docs?
Our dedicated support team are here to help.

Get Support

Case Studies
& White Papers

Detailed case studies from some of our current customers.

Learn more

Blog

Stay up-to-date with recent cybersecurity trends and topics.

Stay Up To Date

Events

We have a global events structure in place, click below to see where we are next.

Meet us