On the 22nd February 2018 new laws took effect in Australia that affect every business. Notifiable Data Breach (NDB) laws aim to make businesses more cyber secure and encourage them to take active steps before an event occurs.
So what businesses are covered? All businesses (including NFPs) with an annual turnover of $3m or greater.
What happens? If your data (which exposes your customers) has been accessed and stolen in any way, then you need to report it within 30 days.
How do you report? Reporting takes two forms. Firstly, you must report to the Office of the Australian Information Commissioner (OAIC) through a form located on their website. Secondly, you must tell the affected customers what data was accessed and how they were exposed.
Penalties apply if reporting is not actioned within 30 days of the breach.
What can be done to secure your data? Take the following steps to reduce the risk of a data breach.
1) Identify your most important data and ensure that it is securely backed up and protected with strong user permissions. Only collect data on customers that you absolutely need.
2) Change passwords regularly for all staff. If you have a staff member leave, use this as a time to change everyone's passwords.
3) If you are very concerned about your data, ask us about multi-factor authentication - similar to a token you may use to log in to your bank.
Office of the Australian Information Commissioner - https://www.oaic.gov.au