Responsibility to Act Quickly on Data Breaches

Posted 28-09-2020
Written by admin 101

Data breaches are security violations in which sensitive, protected or confidential data such as credit card and bank details, personal health records and intellectual property is copied, transmitted or stolen by unauthorised persons. The RMB Lawyers Business & Commercial Transactions division explains the process for companies or individuals that experience a data breach.

With more data being stored electronically and digital hackers becoming more skilled and harder to stop, data breaches are now becoming more common. The Privacy Act 1988 is the governing law on Data Breaches in Australia and the Office of the Australian Information Commissioner is the body that handles data breaches in Australia.

To put it simply, a breach is any unauthorised access to, unauthorised disclosure of, or loss of, personal information held by you or your business. If that access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates, then this is a notifiable breach and you must take action.

It is important that you know what a breach is for you and your business and understand which principles or codes directly apply to you.

You have to notify the people to whom the data relates when:

  1. A breach occurs that may result in serious harm to the individuals to whom that data relates; or
  2. You have reasonable grounds to believe a breach has occurred and that breach may result in serious harm to the individuals to whom that data relates; or
  3. You are directed to make a notification by the Australian Information Commissioner.

You have to tell the people to whom the data relates and the Office of the Australian Information Commissioner as soon as is practicable after you are made aware of or have developed the reasonable suspicion of the breach.

You must prepare and send a statement that sets out:

  1. Your contact details, or those of the business;
  2. A description of the breach;
  3. The information that the breach relates to; and
  4. The steps those individuals should take in response to the breach.

You must also provide a copy of this statement to the Office of the Australian Information Commissioner.

If you are unsure of your responsibilities, RMB Lawyers has skilled lawyers who can help you or your business find the answers to your data breach questions. Contact our office to arrange a free consultation. You can contact us by by phone or our 'Ask a Question' tool on our website.