Receive the latest mybusiness newssign up
Risks of mandatory breach reporting undersold

Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.

Risks of mandatory breach reporting undersold

Lock, cyber security,

Businesses of all size face a massive challenge in meeting introduction of mandatory data breach reporting, but there are fears not all of the associated cyber risks have been considered.

The Privacy Amendment (Notifiable Data Breaches) Act 2017 is an amendment to the national Privacy Act and comes into force from 22 February this year.

It mandates that all businesses and organisations bound by the Privacy Act in relation to personal data storage – regardless of size – must notify any and all individuals whose personal information is involved in a data breach that will likely cause significant damage or harm.


More information on the change can be found on the Australian Information Commissioner’s website.

While businesses may have been improving their security frameworks and preparing reporting procedures for any future breach, serviced office and co-working space provider Servcorp said a potentially overlooked area of security pertains to shared internet networks.

“It’s a really common thing – to log on to free Wi-Fi at cafes or hotels, or even at some … co-working spaces,” said Liane Gorman, general manager at Servcorp ANZ.

“But its likely placing your customer data at risk. For employees, it is particularly important that they recognise and respect this change.”

Given that businesses covered by the new legislation are required to take reasonable steps to secure the personal data they collect, Ms Gorman said that business leaders will need to examine the security of more than just their fixed IT equipment and networks.



“It is vital that businesses are reviewing how they, and their employees, are working following this change,” she said.

Security firm CyberArk recently published a report that suggested around two-thirds of Australian IT professionals fear their employers are the target of sophisticated attacks.

Risks of mandatory breach reporting undersold
mybusiness logo