0409 092 947 alexc@abterrace.com.au

INSURANCE DOESN’T HAVE TO BE COMPLICATED

AMC INSURANCE PTY LTD

NOTIFIABLE DATA BREACH SCHEME (Privacy Act Amendment)

WHAT IS THE NDB SCHEME?

As of 22nd of February 2018, the Notifiable Data Breach (NDB) scheme came into effect.

The NDB scheme is an amendment to the Privacy Act 1988, which may make a notification mandatory for any privacy breaches that occur on or after 22nd of February 2018.

The exposure from corporate cyber security threats and data breaches continues to impact individuals and continues to be monitored by the Office of the Australian Information Commissioner (https://www.oaic.gov.au/newsroom/cyber-security-incidents-impact-data-breach-risk).

 

WHO DOES IT AFFECT?

ANY BUSINESS SUBJECT TO THE REQUIREMENTS OF THE PRIVACY ACT WILL NEED TO ADHERE TO THE NEW LEGISLATION

According to the OAIC:

  • The NDB scheme will apply to agencies and organisations that the Privacy Act requires to take steps to secure certain categories of personal information. This includes Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and TFN recipients, among others.

To learn more about entities which are covered by the scheme:

https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme/entities-covered-by-the-ndb-scheme

WHAT IS A DATA BREACH?

DATA BREACHES ARE CONSIDERED TO HAVE OCCURRED IF THE FOLLOWING THREE CRITERIA ARE MET:

  1. there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds
  2. that is likely to result in serious harm to one or more individuals; and
  3. the entity has not been able to prevent the likely risk of serious harm with remedial action

DATA BREACHES CAN OCCUR IN VARIOUS WAYS:

  • Lost or stolen laptops, removable storage devices (e.g. USB), or paper records containing personal information
  • Hard disk drives and other digital storage media (integrated in other devices e.g. multi-function printers) being disposed of or returned to equipment leasers without the contents first being erased
  • Databases containing personal information being hacked into or illegally accessed
  • Employees accessing or disclosing personal information outside of work requirements
  • Paper records stolen from insecure recycling bins or rubbish bins
  • Employees mistakenly providing personal information to the wrong person (e.g. sending personal information to the wrong email address)

Not only can a breach cost your company substantial amounts of money, it can also hurt your reputation.

HOW CYBER INSURANCE CAN PROTECT YOUR BUSINESS FROM THE NOTIFIABLE DATA BREACH SCHEME:

The below risk exposures and commercial expenses are intended to be covered by Cyber Insurance policies:

  • Liability arising from failure to maintain the confidentiality of data
  • Liability arising from unauthorised use of your network
  • Network or data extortion/blackmail (where insurable)
  • Online media liability
  • Regulatory investigations and/or enforcement proceedings expenses and fines/penalties (where insurable)
  • Costs associated with mandatory data breach notification.
  • Business interruption loss due to a network security failure or attack, human errors, or programming errors.
  • Data loss and restoration including decontamination and recovery.
  • Incident response and investigation costs, supported by incident reporting hotline and local vendors.
  • Delay, disruption, and acceleration costs from a business interruption event.
  • Legal costs including exercising contractual indemnity.
  • Crisis communications and reputational mitigation expenses.

PROTECTING YOUR BUSINESS WITH THE RIGHT TYPE OF INSURER AND POLICY CAN OFFER PEACE OF MIND BY PROVIDING:

  • 24 hour, 7 days a week, 365 days a year incident response hotlines to call in the event of a claim; and
  • specialist support staff from your insurer’s vendor panel with local, regional and global capabilities

 

Alex Conlon


Director | M: 0409 092 947 | E: alexc@abterrace.com.au

If you would like to discuss the new reporting requirements under the Notifiable Data Breach Scheme, or Cyber Liability Insurance, please feel free to contact us.
