New privacy laws

Keeping customer and staff information secure is even more important after new laws came into effect on 22 February 2018.

Author

David Humphrey

New data notification laws commenced in February. Under the notifiable data breaches (NDB) scheme, businesses need to formally investigate suspected data breaches of personal information. Data breaches that are likely to result in serious harm must be reported to the Office of the Australian Information Commissioner and to those individuals impacted.

The Privacy Act – a duty to protect and secure information

If you have a turnover greater than $3 million, the Privacy Act 1988 and Australian Privacy Principles (APP) regulate the way your business handles personal information.

These laws broadly require businesses to secure any personal information they hold and take reasonable steps to protect this information from misuse, interference, loss and unauthorised access, modification or disclosure.

Some common examples of personal information include an individual’s name, address, phone number, date of birth, email address, photograph or video recording of a person, bank account details, tax file number, signature, and commentary or opinion about an individual.

Many HIA members will obtain and secure personal information from their clients, potential customers, employees and contractors.

The new data notification laws

The notifiable data breaches scheme adds to the existing privacy obligations.

Under the new laws, as soon as practicable after you become ‘aware that there are reasonable grounds to believe’ there has been an eligible data breach, you must notify these parties:

• the Information Commissioner
• affected individuals (or publish a statement).

There are some exceptions, including where you take remedial action sufficient to make the data breach unlikely to result in serious harm.

The new data notification laws will apply to businesses with a turnover greater than $3 million. The laws apply to small businesses only in relation to a data breach involving tax file numbers.

There may be penalties for non-compliance, including compensation for damages and monetary fines.

What is a notifiable data breach?

An eligible data breach will happen if:

• there is unauthorised access, unauthorised disclosure, or loss of personal information held by an entity, and
• the access, disclosure or loss is likely to result in ‘serious harm’ to the individual to whom the information relates.

Online hacks, email ‘phishing’ and data ransomware present common data breach risks. However, other examples include:

• lost or stolen electronic devices containing personal information (such as a laptop, USB or mobile phone)
• paper records stolen from insecure recycling or garbage bins
• accidentally providing personal information to the wrong person
• unauthorised access to payroll information or personal information of employees.

Online security

Keeping personal information secure

To make your systems less attractive to cyber criminals consider these tips:

• install a firewall and virus-checking on your computers, and download the latest patches or security updates
• install anti-spyware tools
• choose secure passwords
• only allow your staff to access the information they need to do their job
• don’t let staff share passwords
• encrypt any personal information held electronically that would cause damage or distress if lost or stolen
• collect and store personal information only if it is absolutely necessary
• develop management policies and procedures for personal information
• destroy personal information when it is no longer needed.

Depending on your risk, you may also want to prepare a data breach response plan and obtain cyber insurance coverage.
