Recent changes to the Privacy Act 1988 (Cth) have imposed strict obligations when personal information is lost or released. “Personal information” includes client personal details, bank accounts, licence details, medical records and taxation documents. Personal information can be stored electronically as well as in hard copy. As more workplaces convert to digital technology, personal information stored in files, clouds and servers is at risk of being hacked, shared or inadvertently lost.
How can data breaches occur?
Data breaches can occur in a number of ways, and it is important that businesses and their employees are aware of the risks involved in their processes and methods of storing personal information. A data breach does not have to be intentional to be a breach: leaving a client file at court, or having a bag stolen with a work phone or document inside, are both examples. A breach could also occur when correspondence is emailed to an incorrect address.
Who has to be notified when a data breach occurs?
A new requirement under the Act is that a holder of personal information must notify any affected individuals and the Privacy Commission of an ‘eligible data breach’. To be an ‘eligible data breach’, there must be unauthorised access, loss, or release of personal information that is likely to result in serious harm to the individual the information is about. The Privacy Commission will consider the type and sensitivity of the information and the security measures that were in place to protect it when determining whether the breach will result in ‘serious harm’.
Know your obligations under the Privacy Act 1988 (Cth)
If you or your employees store or access personal information, it is vital that you are familiar with the new obligations contained in the Act. Any potential for a data breach must be identified as early as possible in order to minimise risk. Likewise, if you are aware of a potential breach of data, then you must act promptly.
The legal team at Wallace & Wallace can assist you with understanding your obligations and any necessary action to be taken in the event of a data breach.
Please do not hesitate to contact our office on (07) 4963 2000 or via the contact form below should you have any queries.