In this virtual world where more and more businesses are using the internet to conduct their activities, the prevalence of cyber crime is becoming an increasing threat. It is therefore important for brokers to ensure that their clients are adequately protected with cyber insurance to prepare for these potential risks. As of March 12 2014, amendments to the Privacy Act have become effective which call for a change in the collection and use of client information by organisations.
The new legislation is applicable to all Australian businesses that have a turnover of more than $3 million per year and all private health service providers irrespective of their annual turnover.
Australian Privacy Act Law Changes
The newly introduced privacy principles will provide guidelines as to how the personal information of clients is handled by businesses as well as government agencies in Australia. Personal information can be defined as any form of information that identifies you as an individual, which may include addresses, credit card details, names or Medicare numbers.
Furthermore, the legislation also outlines guidelines for the use and storage of sensitive information such as an individual’s gender, race, religion and any health information.
Some of the important changes are:
Privacy Policies
Organisations must ensure that their privacy policy is easily accessible and that clients are made aware of it at the time their personal information is collected. The commonly used method of achieving this is to modify the data collection form on the website or in printed documents so that the collection statement references the policy.
Unsolicited Information
Businesses must either de-identify or destroy any unsolicited personal information they receive as soon as possible in the event it is not reasonably useful for their functions.
Sensitive Information
In order to collect details related to criminal records and health, businesses must obtain consent from the individual in advance.
Security
According to the new Australian Privacy Principles, businesses must adopt reasonable measures for protecting personal information from interferences such as cyber attacks on their computer systems.
Cross-border disclosures
Businesses that disclose clients’ personal information to overseas recipients will have to assume greater legal accountability. This may mean ensuring the overseas entity is subject to similar privacy laws and that your business actively enforces those privacy measures.
Privacy Act – What Does It Mean For My Business?
The privacy commissioner has been vested with enhanced enforcement powers if businesses fail to comply with the changes to the privacy policy. This may result in fines of up to $340,000 for individuals and $1.7 million for corporations.
It is therefore imperative that businesses invest time and resources in ensuring they are adequately prepared for these changes to the act. Firstly, it is important to confirm if your business is required to comply with the 13 new Australian Privacy Principles.
You can do this by visiting the Office of the Australian Information Commissioner to view their Privacy Checklist for Small Business.
If your business does not have a privacy policy, yet is required to comply with the privacy principles, it is very important you create one. It is essential that your staff are aware of the policy and understand how to follow it correctly so as to avoid any breaches, as your business is liable for any privacy errors your staff make.
It is also useful to review the way you are currently collecting and storing the information of your clients to ensure you are following the guidelines set out by the act – this includes the collection of personal information through direct marketing processes.
Finally, it is recommended that businesses consider cyber insurance cover to protect against cyber crime attacks on their business which can compromise the safe storage of the personal data of your client base.
Cyber Crime – How Do I Protect My Business?
Cyber insurance assists businesses financially and legally in the unfortunate event of a data breach or cyber attack. Such an attack cannot always be prevented, but cyber insurance helps businesses respond to attacks, which may include a denial-of-service attack on an e-commerce store, data loss, a website hack or even a privacy breach incident.
Having the right cyber insurance policy may ensure you are covered for both first and third party claims. It is now recommended that businesses consider employing a stand-alone cyber insurance policy to ensure they are covered for all types of breaches instead of relying upon the minimal areas of cover provided under other common types of business insurance, such as indemnity policies.
It is evident from the above that if your business does not comply with the changes to the Privacy Act, it can be devastating both financially and to your business’ reputation.
It is recommended to spend some time preparing your business for these changes and to explore your cyber insurance policy options as a part of your overall risk management plan.