Are you exposed to a data breach fine

Dealing with Data Breaches

Recently, both David Jones and K-Mart experienced data breaches after hackers exploited a vulnerability in the retailers’ third-party website software. Fortunately, both companies have stated that no financial information was stolen. However, the press releases indicate that the hackers were able to obtain customer names, email addresses and addresses. David Jones has warned customers to ensure that they do not provide financial information over the phone or via email.

Data breaches are an increasing risk, with the number of reported data breach notifications rising over the last year, according to Australia’s Privacy Commissioner. No one is immune to hackers, so if you collect personal information from customers it is important to ensure that your business is protected from substantial penalties.

Penalties for Retailers

As of July 2015, under Australian Privacy Laws, retailers (particularly online retailers) may be liable in cases of data breach for up to $1.8mil for a failure to take reasonable steps to protect the privacy of the personal information they collect. Furthermore, individuals whose information has been compromised may also be entitled to compensation, depending on the circumstances.

Avoiding a fine

There are many steps that you can take to minimise the risk of a data breach and a hefty fine. Such steps include undertaking risk assessments (including a privacy impact assessment), appropriately training your staff, appointing a person within your business who takes responsibility for privacy and data protection, engaging appropriate technology, and monitoring and reviewing your systems.

It is a good idea to regularly review what information you are collecting and how long you need to keep it for (both practically and under law).

It is also recommended that you have a Privacy Policy in place. A privacy policy is strictly required by law under the National Privacy Principles if your business collects “Sensitive Information” or if your company’s turnover is greater than $3mil. However, it is becoming increasingly common for smaller online businesses to have privacy policies in place as well.

Privacy Policies not only provide peace of mind for customers, but also set clear standards for the way your business handles customer information and the security measures it applies. These standards help guide your business in taking reasonable steps to protect personal information, which matters particularly if your data is ever breached and the Australian Information Commissioner needs to make inquiries.

Gladwin Legal can help you develop your privacy policy or assist with other important documents to help protect your business in the worst case scenario.  For an obligation-free chat, contact us on  or 1300 033 934.

Source: http://www.abc.net.au/news/2015-10-02/david-jones-computer-system-hacked-customer-details-stolen/6824170