As Privacy Awareness Week 2021 draws to a close, Rigby Cooke Lawyers are sharing the results of research recently undertaken by Kantar Australia on behalf of the firm, and what this means for businesses.
Category: Privacy Awareness Week
Our latest news and insights
A collection of case studies and articles highlighting the latest in legal news.
A data breach occurs when personal information is subject to unauthorised access or disclosure or if information is lost in circumstances where unauthorised access or disclosure is likely. A breach must be notified to the Office of the Australian Privacy Commissioner (OAIC) and all affected individuals when one or more individuals are likely to suffer serious harm as a result of the breach.
Myth v Fact – When we share our customers’ personal information with our contractors, their handling practices are not our problem
Turn your mind to the other businesses with which you share personal information – they may be based in Australia or overseas, they may receive personal information about a single customer (for example, to facilitate delivery of an order), or whole databases (for example, to carry out marketing campaigns or store your CRM).
It is a common misconception that ‘personal information’ is a reference to sensitive information like health, medical or financial information. This is not true. Personal information captures any information about an identifiable person.
- Many Australian businesses must disclose when they have been affected by a data breach
- While reputational damage is a critical risk for businesses, there is also the threat of monetary penalties of up to $2.1 million and orders of uncapped compensation
- A representative complaint – similar to a class action – has been made against Optus on behalf of a group of individuals affected by an alleged breach in 2019.
We’re a small business. The Privacy Act and Notifiable Data Breach Scheme don’t apply to us.
Generally, businesses do not need to comply with the Privacy Act until their annual turnover reaches $3 million. However, some businesses are required to comply regardless of their size.
- Privacy Awareness Week – an opportunity for all organisations to ‘Reboot your privacy’
- Organisations are responsible for the actions of their employees – this calls for innovation when ensuring the security of personal and confidential information in the “home office”
- To be effective, privacy and security arrangements must include appropriate training, clear and documented policies and procedures and management oversight.