New Laws Surrounding Data Breach Notifications

March 17, 2017

Changes to the Privacy Act will come into place now that the mandatory data breach notification laws have been passed in Australia.

The amendment, which was passed by both parliamentary houses earlier this year, will make changes to the laws dealing with privacy in Australia. These changes will signal a new era of corporate responsibility and transparency when it comes to protecting the sensitive and personal information of individuals.

What Changes Have Been Made?

The Privacy Amendment (Notifiable Data Breaches) Act 2017 will protect individuals if an eligible data breach occurs. This refers to instances where a business or corporation experiences a data breach in which:

- There is unauthorised access to, or disclosure of, personal information, and a reasonable person would conclude this is likely to result in ‘serious harm’ to the individuals to whom the information relates.

Or

- Personal information is lost in circumstances where unauthorised access or disclosure is likely to occur, and, assuming unauthorised access or disclosure were to occur, a reasonable person would conclude this is likely to result in serious harm to the individuals to whom the information relates.

The Government has said that these changes need to be made to ensure individuals whose personal information has been compromised are able to take steps to avoid “potential adverse consequences”. This means that any breach events will be placed under public scrutiny for the first time ever.

What Does This Mean for Businesses?

The mitigation of any potential third-party claims exposures, first-party damage (such as someone’s reputation), and any increased regulatory costs should come into sharper focus for businesses.

When looking for appropriate cyber insurance protection, it will be more important than ever to look closely at any available risk management and insurance solutions that would offset any costs if a breach were to occur.

This new development will likely result in changes to insurance policies and extra scrutiny being placed on relevant limits and deductibles on any policies that cover cyber crime events, such as credit monitoring and/or identity theft.

When Will These Changes be Enforced?

While there is no specific date estimated for these changes to take place, as the bill has been sent to the Governor-General to receive Royal Assent, it is expected these changes will start to be enforced within the next 12 months, or shortly thereafter.

Talk to GSK Insurance Brokers today to see how our cyber crime insurance can protect you against these new data breach notification laws.