Increased SME penalties for data breaches

Recent data breaches fuel new penalties
The recent high-profile Optus and Medibank data breaches have resulted in changes to the Privacy Act 1988, including substantially larger penalties for companies and individuals. These changes also bring Australia’s privacy legislation into closer alignment with the European General Data Protection Regulation (GDPR).

Penalties for major breaches of the Privacy Act

For serious or repeated non-compliance with the Privacy Act, existing penalties for individuals have increased from $444,000 to $2.5 million per breach.

For companies, the greatest of the following three penalties can now apply:

Up to $50 million (increased from $2.2 million) per breach;
3x the value of any benefit the business gains; and
30% of the business’s adjusted Australian revenue, during the period of non-compliance.

New powers for the OAIC

In addition, the powers of the OAIC (Office of the Australian Information Commissioner) have been widened to include:

The right to conduct an assessment of an organisation’s compliance with the Notifiable Data Breaches Scheme under the Privacy Act;
The right to require information regarding an actual or suspected data breach;
The right to share information with other enforcement agencies and the public;
The right to make public any finding following an investigation; and
The right to issue infringement notices for failure to provide requested information.

How to protect your business from breaching the Privacy Act

SMEs with an annual turnover above $3 million must comply with the Privacy Act. However, some businesses with a turnover of less than $3 million must also comply if they are in the medical or health sectors or deal in personal information.

Cyber risk management is your first line of defence against successful data breaches. This includes collecting and holding only essential customer information, and holding it for no longer than necessary. It’s also important that cyber security policies are updated across your organisation and that all employees have ongoing training.

Cyber Insurance is also a great way to protect your company from the financial cost of any breach or investigation. This insurance is specifically designed to help your business recover from a data breach by, for example, covering the costs of data recovery and restoration, legal defence, cyber extortion and crisis management.


Summary

The Optus and Medibank data breaches have galvanised both the public and the government. The result is a set of amendments to the Privacy Act that brings us into line with the European GDPR, with major increases in fines for non-compliance and greater powers for the OAIC to investigate and deal with breaches.


General Advice Warning: This advice is general and does not take into account your objectives, financial situation or needs. You should consider whether the advice is appropriate for you and your personal circumstances. Before you make any decision about whether to acquire a certain product, you should obtain and read the relevant product disclosure statement.

All information above has been provided by the author.


Adroit Insurance & Risk, ABN 75 078972 700, AFSL 244 348

This article originally appeared on Adroit Blog and has been published here with permission.
