The Notifiable Data Breaches amendment has now become law, meaning Australian businesses must notify their consumers when a data hack, security threat or leak has occurred at their organisation.
An “Eligible Data Breach” occurs when there has been unauthorised disclosure of, or access to, personal information that is likely to risk serious harm to an individual, or when personal information is lost in circumstances likely to result in unauthorised disclosure or access.
Up until now, organisations have been able to keep security threats quiet. Now they will be under a legal obligation to disclose all breaches to the Office of the Australian Information Commissioner within 30 days.
Just last week, Sydney financier Mike Harriot had $91,000 stolen from his bank account when hackers accessed his mobile account and posed as him in an online chat. All they needed was his date of birth and full name, and the money was gone.
It shows how easily Australian consumers can be fleeced of their life savings, and how vulnerable our businesses, both big and small, are to the threat.
Every time a form is filled in online or manually, retailers need to be vigilant about where that information is going to go and how it is going to be used by the business.
The Australian public would be surprised how many businesses are simply not prepared for this issue; however, the new law is a first step in the right direction.
EC Integrators is a leading information management consultancy with specialised expertise in Data Governance, Enterprise Data Management, Data Virtualisation and Business Intelligence.
For more information relating to managing data in business, visit ecintegrators.com.au.