Bulletin for All Members

Mandatory Data Breach Notification

Dear Members

Wishing you all a happy, healthy and prosperous 2018.

As many of you are returning from a well-deserved break and back to the daily grind of work life, it is an opportune time to think about new legal implications that may affect your business this year and beyond.

From 22 February 2018, the Privacy Amendment (Notifiable Data Breaches) Act 2017 (the NDB Act) comes into effect. Businesses with a turnover of more than 3 million will be legally obliged to report any ‘eligible’ data breaches to the Australian Privacy and Information Commissioner, and to notify any customers that may have been affected as soon as possible.

An eligible data breach arises when the following three criteria are satisfied:

  1. There is unauthorised access to, or unauthorised disclosure of, personal information, or a loss of personal information that an entity holds, e.g. a database containing personal information is hacked, information is mistakenly supplied to the wrong person, or a device containing personal information is lost.
  2. This is likely to result in serious harm to one or more individuals, and
  3. The entity has not been able to prevent the likely risk of serious harm with remedial action.

Failure to comply with the new notification scheme will be “deemed to be an interference with the privacy of an individual”, and there are civil penalties for serious or repeated offences. There is a maximum penalty of $360,000 for individuals and $1,800,000 for corporate bodies.

Businesses should immediately begin to:

  • Identify where the data resides, especially if it is outsourced for processing by a third party.
  • Review internal data collection practices and policies, to ensure personal data is collected and stored only when necessary.
  • Perform a risk assessment across the whole business to identify weaknesses in cybersecurity practices.

If you fall into this category, VACC recommends you perform a risk assessment on your business to ensure all the necessary steps have been taken to mitigate a potential breach. For further information and to access the draft data breach statement forms visit the Office of the Australian Information Commissioner website by taking this link
