Cyber security experts counsel us that it’s a matter of when, not if, your data will be compromised in some way, either maliciously or by accident. The opportunity for personal information to be lost only increases as businesses store greater and greater amounts of electronic information and outsource marketing, HR and operational activities to third parties without considering how those parties will protect the information entrusted to them.

It’s not only the Russian hacker you need to be concerned with – consider the possibility of a USB stick containing customers’ personal information being left at the airport. Or perhaps your e-commerce provider’s database is made visible to the public. Or you’ve simply sent that Excel file containing personal information to the wrong person.

From 22 February 2018, all data breaches likely to result in serious harm to anyone to whom the information relates will be notifiable under the new Mandatory Data Breach Notification scheme.  It imposes an obligation on organisations bound by the Privacy Act to notify the Office of the Australian Information Commissioner (OAIC) and affected individuals at risk of serious harm that a data breach has occurred.

If you need to comply (we can assist with that assessment), as a first step download our Notifiable Data Breach Checklist to get a high-level overview of what you should be thinking about now in preparation for 22 February 2018. Having a plan in place prior to any breach will not only assist you to meet your legal obligations, but also enable you to protect a valuable business asset – your data, and your reputation with the public, customers and suppliers.

For advice or further information, please contact:

Paul Gray
Principal Lawyer
T  03 5225 5231


Jesse Drever
T  03 5225 5226