As of 22 February 2018, data breach notification has become mandatory with all businesses required to comply with the Privacy Act 1988.
All entities covered by the Australian Privacy Principles (APPs) now have clear obligations to report eligible data breaches to the Office of the Australian Information Commissioner (OAIC).
According to the HP Australia IT Security Study, conducted by ACA research, more than half of small businesses in Australia are unaware that new laws around mandatory reporting of data breaches are now effective. Many small business owners are unaware that data breaches could result in serious fines and many don’t consider themselves prepared for the new laws.
Small businesses have been warned that the consequences of a data breach can be severe, ranging from financial to brand and reputational damage.
Australian Small Business and Family Enterprise Ombudsman Kate Carnell explains: “With penalties of up to $360,000 for individuals and $1.8 million for organisations, the impact of a breach on small businesses can be devastating”.
Small businesses are being urged to prepare a Data Breach Response Plan in the event of a data breach, which can be implements in the first few hours after a data breach is discovered.