New Data Breach laws are coming



For anyone having a website, you need know that we will soon have a mandatory data breach notification scheme in place and most website owners will need to notify the Privacy Commissioner and the affected people "as soon as practicable" (a few days) after knowing a data breach has occurred. If they think, it may have happened they have 30 days to ascertain whether or not it has actually occurred.

Those that fail to notify can face penalties, including fines of $360,000 for individuals and $1.8 million for organisations.

A serious breach would include people's personal details, credit reporting information, credit eligibility information, and tax file number information. Lucky I think few of my clients would be holding information like that online.

Furthermore, now the courts will be able to look after the breach as to how "likely" this Data Breach was too.

Personally we welcome the news, even recently we have seen companies after a Data Breach simply waffle over the damage, pretend that nothing is gone, do nothing to notify people that are affected and continue like before. It is frustrating even when you tell them of a vulnerability, and they do nothing. I have seen a site with its users and passwords all publicly listed on the web and the site has done nothing even after being told.

I know this Data Breach notification scheme is yet to begin, and it does not apply to all businesses, but it is a good wake-up call that the courts, government and Australian in general are taking data breaches more seriously. So I do believe it is an ideal time to review your company's data security to ensure that no customer data is unwittingly compromised.

Look what information you do have.

Look how you're protecting your customer data.

Whether or not your security practices are adequate.

You can read more details here. [Link removed by website]