Is Your Organisation Prepared for a Data Breach?

Meriton, the property development company owned by Harry Triguboff, suffered a data hack in mid-January, with 1,889 guests and past and present employees of Meriton Suites – its hotel arm – potentially affected. The financial, health and employment information of staff, as well as guest contact information, may have been exposed in the attack.

Latitude Financial – the financial services provider – suffered an attack in March, with the driver’s licence numbers of 7.9 million Australian and New Zealand customers and applicants stolen.

The attacks are a timely reminder of the need to be vigilant when storing and managing data. The last thing your organisation needs is a data breach!

So, What is a Data Breach?

The Office of the Australian Information Commissioner (OAIC) defines a data breach as being when personal information an organisation or agency holds is lost or subjected to unauthorised access or disclosure. For example, when:

  • a device with a customer’s personal information is lost or stolen,
  • a database with personal information is hacked, and/or
  • personal information is mistakenly given to the wrong person.

Your Obligations in the Event of a Data Breach

The OAIC – Australia’s independent national regulator for privacy and freedom of information – has stringent rules when it comes to managing data and reporting data breaches. It states that any organisation or agency with an annual turnover of more than AU$3 million, and all Australian Government agencies, must understand their obligations when handling personal information.

Additionally, if there are “reasonable grounds to believe an eligible data breach has occurred”, they are obliged to promptly notify the OAIC and any individual at risk of serious harm.

When to Notify

Organisations and agencies with a turnover of $3 million or more, as well as government agencies, must notify affected individuals and the OAIC if:

  • There is unauthorised access to or disclosure of personal information held by an organisation or agency (or information is lost in circumstances where unauthorised access or disclosure is likely to occur).
  • This is likely to result in serious harm to any of the individuals to whom the information relates.
  • The organisation or agency has been unable to prevent the likely risk of serious harm with remedial action.

When notifying individuals who may be affected, you must also recommend steps they can take in response to the data breach.

When notifying the OAIC, you’ll need to submit this form.

While data breaches are increasingly common, there are steps that all organisations can take to do their best to prevent a breach.

The OAIC has plenty of great advice, but you should also engage the services of IT security experts.

Your Data is Secure with the Ayers Group

The Ayers Group has been established in Australia since 1998, and today we’re one of the country’s most trusted, innovative business brands within our sector. We’ve invested over 20 years of experience into purpose-building secure, sophisticated systems that help recruitment companies and corporations manage contractors with ease. Our back office solution gives you a real-time bird’s eye view of all the contractor arrangements you have in place, from workflows and timesheets to invoicing and more. Clear, secure, and simple. Contact an expert at The Ayers Group to find out more.