Published on Mar 13, 2018

Feel free to share


The privacy laws have changed


Thursday 22 February saw new data breach laws come into place in Australia, and businesses must now alert consumers when the organisation has been the subject of a data hack, a leak or a security threat.


The Australian Small Business and Family Enterprise Ombudsman (ASBFEO) is urging small businesses to prepare for the changes.


The laws protect individuals from breaches in data. Accessing personal information from business computers could leave unauthorised individuals and small businesses up for significant fines. The new laws affect any business which holds personal information on either customers or staff.


“An unauthorised entity could be an employee, an independent contractor or an external third party, such as a hacker (via cyber attack),” according to a statement released by the ASBFEO.


The statement went on to say, “Serious harm to an individual may include physical, psychological, emotional, financial or reputational harm.”


Those found to have breached the law would be reported to both the affected staff member or customer, as well as the Office of the Australian Information Commissioner (OAIC).


The penalties for breaching are substantial.


“Small businesses can’t afford not to understand what the new laws mean to them, and yet I’ve read this morning a new study reporting 44 per cent of Australian businesses are not fully prepared”, said Small Business Ombudsman, Kate Carnell.


“Another report by Telstra last year found 33 per cent of small businesses don’t take proactive measures to protect against cyber breaches. With penalties of up to $360,000 for individuals and $1.8 million for organisations, the impact of a breach on a small business is devastating.”


To find out what you need to do, visit the OAIC website, or download the ASBFEO’s recently released Cyber Security Best Practice Guide and the Small Business Best Practice Research Report.


The guide examines cyber security for small businesses, looks at the need for security policies for all small businesses which use the internet, has a list of recommended best practices and a number of links to help you connect with other important resources.


Or read our posts on how hackers access data and privacy obligations.