Starting today, Thursday 22nd February, there is an important change to the way companies are required to manage and report data breaches.
The Australian Government introduced the Privacy Amendment (Notifiable Data Breaches) Bill 2016 to strengthen the protection of privacy and personal information, and to improve organisational transparency regarding data breaches.
Companies are now obliged to notify any individual whose personal information is involved in an eligible data breach that is likely to result in serious harm. Companies are also required to notify the Office of the Australian Information Commissioner (OAIC) of the eligible data breach.
Businesses should prepare by taking the following steps:
- Reviewing and understanding the data that is held and identifying personal information
- Revisiting the IT security policy and amending as appropriate
- Developing a sound data breach response plan with clear lines of authority
- Updating internal privacy and breach policies as appropriate
- Educating and training staff whilst setting out their responsibilities
- Taking out adequate insurance, including specific cyber cover.
Cyber cover, whilst often overlooked, is fast emerging as one of the key ways to protect yourself from the risk of cyber-attacks. At Honan, we are dedicated to leading the market in providing our clients with comprehensive coverage options and have advisers with specialty knowledge of Cyber policies.
Give yourself the confidence that you’re covered. Call one of our advisers and we will assist you in analysing and understanding how your current insurance program will protect you amid the changing regulatory and business environment.
For more background information on Cyber cover visit http://www.honan.com.au/the-cyber-minefield-for-directors-and-officers/
Some risk management tips:
- Purchase a Cyber insurance policy
- Write and put in place a data breach response plan to follow in the event of a breach
- Put in place a tried and tested business continuity plan for network downtime
- Make sure you are aware of all regulatory requirements for all territories you work in or distribute to
- Conduct employee training to ensure your staff are aware of risks the company faces
- Put in place a “bring your own device to work” policy if you allow employees to use their own devices for work
- Look at contracts with third-party vendors providing data storage. Are there limitations of liability?
- Conduct an external penetration test to highlight potential areas to address
- Review the system protection you have in place (e.g. anti-virus, firewalls) and update it regularly
- Keep all your systems and software patched up
- Enable multi-factor authentication
- Enforce strong password policies
Honan Insurance Group Pty Ltd (“Honan”) ABN 67 005 372 396, AFSL 246749. Honan is not the underwriter for any insurance product that you may decide upon and insurance is issued subject to the terms, conditions and exclusions as set by the particular underwriter.
Please note that the information provided is for general advice only and does not factor in the objectives, needs or financial situation of the client. It is important for you to consider these matters and read the Product Disclosure Statement (PDS) and policy before deciding if this product is right for you. You can get a copy of the PDS by calling 03 9947 4333.