Myth v Fact – We only have to worry about a data breach if we get hacked

10 June 2020

A data breach occurs when personal information is subject to unauthorised access or disclosure or if information is lost in circumstances where unauthorised access or disclosure is likely. A breach must be notified to the Office of the Australian Privacy Commissioner (OAIC) and all affected individuals when one or more individuals are likely to suffer serious harm as a result of the breach.

While breaches are often associated with malicious attacks and hacking (such as phishing, malware attacks or impersonation), many breaches occur due to inadvertence or human error. A breach can occur if personal information is sent to the wrong person by email, if there is an unintended release or publication of personal information, or if paperwork or a data storage device is lost. Between July and December 2019, breaches resulting from human error accounted for 32% of all breaches notified to the OAIC.

Legal consequences aside, a data breach may cause serious and irreparable reputational damage to an organisation. Merely having a Privacy Policy will not stop a breach occurring. Organisations must have in place information handling procedures and a data breach response plan, supported by regular staff training.

Talk to our Privacy and Data Protection team to properly understand your obligations.

Disclaimer: This publication contains comments of a general nature only and is provided as an information service. It is not intended to be relied upon as, nor is it a substitute for specific professional advice. No responsibility can be accepted by Rigby Cooke Lawyers or the authors for loss occasioned to any person doing anything as a result of any material in this publication.

Liability limited by a scheme approved under Professional Standards Legislation.

©2020 Rigby Cooke Lawyers