Australia’s Data Breach Notification Laws come into effect on 22 February 2018. This new law will require businesses to report all instances of personal data breaches.

The changes of legislation will affect businesses with a turnover of more than $3,000,000, as well as other businesses that operate by holding personal information. A health service provider, a real estate agent with a property management portfolio and businesses prescribed by the Privacy Regulation 2013 are the most common ‘other’ businesses picked up in the legislation.

To see the full list, visit our Data Breach information page.

Currently, many businesses are unprepared for the legislation changes and may find themselves facing fines of $360,000 for individuals and $1,800,000 for businesses.

What can I do – Simple Steps

For businesses to protect themselves, they need to follow these simple steps:

Application Whitelisting

Whitelisting is a technical measure where only ‘safe’ or ‘permitted’ apps or programs are allowed to be used in your business environment. Whitelisting can be implemented by your IT provider and reduces the risk of unauthorised applications or malicious software running in your environment.

Keeping Systems, Programs & Applications up to date

Patching and updating all of your systems when required is a critical step in protecting your business and its valuable information. This can be as simple as:

• Restarting your PC/Laptop every day to ensure the latest Windows updates are in place
• Running updates on phones and tablets as soon as available
• Allowing updates on trusted software / programs as soon as they become available
• Keeping your website’s plugins and extensions updated

Restrict Administrative Privileges

Administrative privileges should be tightly controlled and only given to those who truly require it. This is important because those with administrative privileges are targeted due to having a higher level of access to systems.

Administration accounts should only be used when administrative changes need to be made and should not have access to web browsing or email. Business owners or other important people to your business should have separate accounts.

Cyber Insurance

In previous years, Cyber Insurance has been an insurance cover that has only been taken out by very large organisations. With the introduction of mandatory Data Breach Reporting the requirement for a business to have Cyber Insurance in place has never been greater.

Simply put, Cyber Insurance can help fund the cost of a business getting themselves back on track after a data breach, whether it be the replacement costs of damaged IT equipment, costs associated with notifying a data breach, or bringing in a PR expert to ensure your business reputation is not tarnished.

Visit our Cyber Insurance page for more details including the ability to arrange a quote.

Additional Reading

Webber Insurance has prepared further information to assist businesses with the planning and preparation for these new laws:

• Data Breach Notification Laws – Ultimate Guide
• Cyber Liability Insurance – Ultimate Guide
• How to protect your business from a Cyber Attack – Blog
• The 4 online dangers for your small business
• How to protect a small business online
• Are you complying with the Privacy Act

For further assistance regarding Data Breach Notification laws, please contact our office.