A data breach occurs when personal information is subject to unauthorised access or disclosure or if information is lost in circumstances where unauthorised access or disclosure is likely. A breach must be notified to the Office of the Australian Privacy Commissioner (OAIC) and all affected individuals when one or more individuals are likely to suffer serious harm as a result of the breach.
Category: Privacy & Data Protection
Our latest news and insights
A collection of case studies and articles highlighting the latest in legal news.
Julia Cameron is a Partner in Rigby Cooke’s Corporate & Commercial group and Practice Lead for the Privacy & Data Protection team with over 10 years of legal experience. Julia specialises in corporate and commercial advice, commercial agreements, transactions, intellectual property and information technology.
- Many Australian businesses must disclose when they have been affected by a data breach
- While reputational damage is a critical risk for businesses, there is also the threat of monetary penalties of up to $2.1 million and orders of uncapped compensation
- A representative complaint – similar to a class action – has been made against Optus on behalf of a group of individuals affected by an alleged breach in 2019.
- Privacy Awareness Week – an opportunity for all organisations to ‘Reboot your privacy’
- Organisations are responsible for the actions of their employees – this calls for innovation when ensuring the security of personal and confidential information in the “home office”
- To be effective, privacy and security arrangements must include appropriate training, clear and documented policies and procedures and management oversight.
All Australian organisations are facing unfamiliar challenges and pressures as they manage and adapt their business operations in these unprecedented times. It is definitely not “business as usual”.
However, it is important for businesses not to lose sight of their privacy and data protection obligations during this time. This is particularly so as businesses are collecting more detailed and sensitive information about employees, contractors, visitors and other individuals that interact with their business to help manage the spread of COVID-19 and many workplaces have moved to remote working arrangements.
The Commonwealth Notifiable Data Breaches (NDB) scheme has now been in place for over 18 months and has been widely publicised. Your organisation should be aware of its obligations and have a data breach response plan in place so that quick action can be taken if a breach occurs or is suspected to have occurred.
Businesses operating in Australia are subject to a kaleidoscope of constantly evolving privacy obligations. As privacy week draws to a close, it is an opportune time to look forward to how the privacy landscape might change in the future, subject to the outcome of tomorrow’s federal election.