Just 14 days until new Data Breach Laws in Australia

New laws will come into effect on 22 February. The new Notifiable Data Breach legislation will require businesses to alert the Australian Information Commissioner and affected clients if they have been hacked.

New Notifiable Data Breach (NDB) laws come into effect on February 22, 2018 for Australian businesses, making it compulsory to report any data breaches to the authorities and to the affected individuals.

Unfortunately, there are still many small and medium businesses that are not prepared or, worse yet, think they will not be the target of a cyber attack. It is important for all businesses to understand that a cyber attack is not an "if" scenario but a "when" scenario. There is a 27.7% chance that a typical company will experience a data breach in the next two years (Ponemon Institute's "2017 Cost of Data Breach Study").

Under the new NDB scheme, companies with a turnover of $3 million and over have 30 days to notify the Australian Information Commissioner of any data breaches involving personal information. Failure to report these breaches can lead to fines of up to $1.8 million.

How can your business prepare for these changes?

Businesses need to push IT security up their to-do list. It is critical to have a robust monitoring system that not only helps you identify and stop threats but also keeps you compliant with the NDB scheme. A "security by design" approach to your networks and protocols can minimise the risk of non-compliance and harden your defence and detection measures.

Data security is not only an IT concern. The operational procedures of your business, including the way you store and access data, also need to be examined. Your business may have the most advanced cyber security in place, but if your team accidentally leaves the "keys on the desk", you are still exposed.

Most importantly, you must have a clear data storage and security plan in place. It needs to be monitored every day to minimise risk, and you need to have a Data Breach Response plan.

More information:

Fortinet - Understanding the Australian Notifiable Data Breach Scheme

Office of the Australian Information Commissioner - Notifiable Data Breaches scheme