Byline: Emma Simpson

A data breach occurs when personal information is subject to unauthorised access or disclosure or if information is lost in circumstances where unauthorised access or disclosure is likely. A breach must be notified to the Office of the Australian Privacy Commissioner (OAIC) and all affected individuals when one or more individuals are likely to suffer serious harm as a result of the breach.

As Privacy Awareness Week 2020 draws to a close we reflect on what businesses can do to ‘Reboot your privacy’ as well as some current hot topics in the Australian privacy space:

• Many Australian businesses must disclose when they have been affected by a data breach
• While reputational damage is a critical risk for businesses, there is also the threat of monetary penalties of up to $2.1 million and orders of uncapped compensation
• A representative complaint – similar to a class action – has been made against Optus on behalf of a group of individuals affected by an alleged breach in 2019.

• Privacy Awareness Week – an opportunity for all organisations to ‘Reboot your privacy’
• Organisations are responsible for the actions of their employees – this calls for innovation when ensuring the security of personal and confidential information in the “home office”
• To be effective, privacy and security arrangements must include appropriate training, clear and documented policies and procedures and management oversight.

• Landlords should register security interests on the PPSR in cash security deposits or cash bonds paid under a commercial or retail leases

The Commonwealth Notifiable Data Breaches (NDB) scheme has now been in place for over 18 months and has been widely publicised. Your organisation should be aware of its obligations and have a data breach response plan in place so that quick action can be taken if a breach occurs or is suspected to have occurred.