Businesses turning over more than $3 million may be forced to report data breaches as early as this year
Monday, January 4, 2016
Australian businesses turning over more than $3 million a year will be forced to notify customers of serious data breaches if the federal government successfully passes its proposed data breach legislation.
As it currently stands, Australian businesses do not have to notify customers or the privacy watchdog of data breaches; however, they may do so voluntarily.
During the 2014-15 financial year the Office of the Australian Information Commissioner received 110 voluntary data breach notifications from government organisations and the private sector, up from 67 notifications the previous year.
Under the government’s proposed legislation, businesses will be forced to notify the Australian Information Commissioner and affected individuals if there is a “serious data breach”.
The draft legislation defines a serious data breach as one where there is a “real risk of serious harm”, such as a cybercriminal gaining access to an individual’s personal information or tax file number.
A number of Australian retailers were subject to security incidents last year. In June, fashion retailer Sussan suspended its website after a security breach was uncovered.
David Jones, Kmart and Catch of the Day also suffered security breaches last year.
Michael McKinnon, security awareness director at AVG Technologies, told SmartCompany this morning a major issue for the security industry is not knowing how many businesses are being compromised due to a lack of mandatory reporting laws.
“Cybercriminals are often getting away with crimes that are unreported,” McKinnon says. “The awareness level in the community that should be there isn’t there. There is a strong argument that this legislation will assist in this endeavour in that it will help bring those crimes to light.”
“We would then hope that, overall, it would have a net impact on improving things for our country as a whole.”
The government has indicated it wants to streamline the mandatory reporting process for businesses as much as possible to reduce the impact of additional regulatory burdens.
However, McKinnon points out that, when it comes to protecting information, the vast majority of companies would already be making significant investments in terms of time and resources.
“The real wake-up call here for a lot of online retailers is going to be more around making sure that those security programs are in place to protect their information as best as possible,” he says.
“If we look at the recent [data] compromises, many of them could have been prevented. There are many cases when data breaches and compromises are the result of poor business practices rather than technological flaws.”
The government is seeking feedback on the proposed data breach legislation, with the deadline for submissions falling on March 4.