The Privacy Amendment (Notifiable Data Breaches) Act 2017 is an amendment to the national Privacy Act and comes into force from 22 February this year.
It mandates that all businesses and organisations bound by the Privacy Act in relation to personal data storage – regardless of size – must notify any and all individuals whose personal information is involved in a data breach that will likely cause significant damage or harm.
More information on the change can be found on the Australian Information Commissioner’s website.
While businesses may have been improving their security frameworks and preparing reporting procedures for any future breach, serviced office and co-working space provider Servcorp said a potentially overlooked area of security pertains to shared internet networks.
“It’s a really common thing – to log on to free Wi-Fi at cafes or hotels, or even at some … co-working spaces,” said Liane Gorman, general manager at Servcorp ANZ.
“But it’s likely placing your customer data at risk. For employees, it is particularly important that they recognise and respect this change.”
Given that businesses covered by the new legislation are required to take reasonable steps to secure the personal data they collect, Ms Gorman said that business leaders will need to examine the security of more than just their fixed IT equipment and networks.
“It is vital that businesses are reviewing how they, and their employees, are working following this change,” she said.
Security firm CyberArk recently published a report that suggested around two-thirds of Australian IT professionals fear their employers are the target of sophisticated attacks.