Call Menu
Feb 22
Data Breach

Mandatory Data Breach Reporting – What You Need To Know

Australia’s Data Breach Notification laws come into effect on 22 February 2018. This new law will require businesses to report all instances of personal data breaches.

The changes of legislation will affect businesses with a turnover of more than $3,000,000, as well as other businesses that operate by holding personal information. A health service provider, a real estate agent with a property management portfolio and businesses prescribed by the Privacy Regulation 2013 are the most common ‘other’ businesses picked up in the legislation.

To see the full list, visit our Data Breach information page.

Currently, many businesses are unprepared for the legislation changes and may find themselves facing fines of $360,000 for individuals and $1,800,000 for businesses.

What can I do – Simple Steps

For businesses to protect themselves, they need to follow these simple steps:

Application Whitelisting

Whitelisting is a technical measure where only ‘safe’ or ‘permitted’ apps or programs are allowed to be used in your business environment. Whitelisting can be implemented by your IT provider and reduces the risk of unauthorised applications or malicious software running in your environment.

Keeping Systems, Programs & Applications up to date

Patching and updating all of your systems when required is a critical step in protecting your business and its valuable information. This can be as simple as:

  • Restarting your PC/Laptop every day to ensure the latest Windows updates are in place
  • Running updates on phones and tablets as soon as available
  • Allowing updates on trusted software / programs as soon as they become available
  • Keeping your website’s plugins and extensions updated

Restrict Administrative Privileges

Administrative privileges should be tightly controlled and only given to those who truly require it. This is important because those with administrative privileges are targeted due to having a higher level of access to systems.

Administration accounts should only be used when administrative changes need to be made and should not have access to web browsing or email. Business owners or other important people to your business should have separate accounts.

Cyber Insurance

In previous years, Cyber Insurance has been an insurance cover that has only been taken out by very large organisations. With the introduction of mandatory Data Breach Reporting the requirement for a business to have Cyber Insurance in place has never been greater.

Simply put, Cyber Insurance can help fund the cost of a business getting themselves back on track after a data breach, whether it be the replacement costs of damaged IT equipment, costs associated with notifying a data breach, or bringing in a PR expert to ensure your business reputation is not tarnished.

Visit our Cyber Insurance page for more details including the ability to arrange a quote.

Additional Reading

Webber Insurance has prepared further information to assist businesses with the planning and preparation for these new laws:

For further assistance regarding Data Breach Notification laws, please contact our office.

 

Chris Webber

About The Author

Chris Webber is the Director of Webber Insurance Services. Chris has been in the insurance industry for almost 15 years and is an SME business insurance specialist. The information on this blog and website is of a general nature only. It does not take into account your individual financial situation, objectives or needs. You should consider your own financial position and requirements before making a decision. We recommend you consult a licensed insurance broker in order to assist you.

Leave a reply

Your email address will not be published. Required fields are marked *