From 1st February, the obligations that apply if your business suffers a data breach or is hacked will change.
Changes to the National Privacy Act (1988) now mean that organisations covered by this legislation MUST notify any individuals who may be at risk of harm as a result of a data breach. Examples of data breaches include a device containing customers' personal information being stolen, a database containing personal information being hacked, or personal information being mistakenly provided to the wrong person.
Where an organisation becomes aware that there are reasonable grounds to believe an eligible data breach has occurred, it is obligated to notify both the Commissioner and the individuals at likely risk of serious harm as soon as practicable. This notification must set out:
- the identity and contact details of the organisation
- a description of the data breach
- the kinds of information concerned; and
- recommendations about the steps the individuals should take in response to the data breach.
Source: https://www.oaic.gov.au/engage-with-us/consultations/notifiable-data-breaches/
So what does this mean for small businesses & insurance?
According to a 2016 report by cyber-security firm Symantec, 43% of cyber-attacks are targeted against small business. Obviously prevention is ALWAYS better than a cure. However, how would your business cope if your data was attacked or you found yourself having to report a breach? What damage would this do to your reputation, your clients' trust, your income and your ability to recover?
The impact to your business could be catastrophic. Speak with a qualified and experienced insurance broker TODAY about cyber insurance options and how having this cover in place could potentially save your business! In the meantime, also check out www.staysmartonline.gov.au