The rise of the digital economy during the past two decades has been accompanied by a parallel rise in the threat of cybercrime and data security breaches.
Recent examples can be seen everywhere from multinational organisations like Facebook and shipping conglomerate Maersk, to small-to-medium-sized domestic businesses and even Government departments such as the Bureau of Meteorology and Family Planning NSW.
Clearly, some breaches are more malicious and damaging than others. Regardless, what each of the above cases shows is that if data security – including sensitive personal information about your employees – isn’t already high on your managerial agenda, it really should be.
In an attempt to compel employers to do more to prevent data breaches, and provide greater protections to employees and customers if they happen, the Australian Government introduced the Notifiable Data Breaches (NDB) scheme on 22 February 2018. Part of the Privacy Act 1988, the scheme applies to any business with annual turnover of $3 million+ and gives businesses a maximum of 30 days to disclose full details when a data breach is discovered.
It’s worth noting that the European Union recently enacted its own General Data Protection Regulation (GDPR), which provides employers with just a 72-hour window to report breaches, so don’t be surprised if the Australian Government follows suit before too long.
Your data. Your responsibility.
Data security affects everything from your in-house email, accounting and intranet systems, to your company mobile phones, social media and even everyday web usage via your company’s ISP.
Whatever the size or nature of your business, it’s essential to understand your obligations should you suffer a data breach in any of these areas, especially as severe penalties and fines can apply if you don’t.
You can read more about the Notifiable Data Breaches scheme at the Office of the Australian Information Commissioner.