For many small business owners, reporting a data breach can be the last thing on their mind. However, new laws that have recently come into effect mean that non-disclosure of any data breach can result in crippling fines for these businesses.
A data breach occurs when personal information that an entity holds is subject to any unauthorised access or disclosure of personal information, or loss of personal information. A breach can occur when a device containing customers’ personal information is lost or stolen, a sensitive database is hacked or when personal information is mistakenly provided to the wrong person.
The Notifiable Data Breaches (NDB) scheme of the Privacy Act has established new reporting requirements effective from the 22nd of February 2018. The new laws mandate that small businesses covered by the Australian Privacy Act 1988 must report all eligible data breaches to authorities and also members of the public if it believes or is aware that data has been compromised.
With penalties of up to $360,000 for individuals and $1.8 million for organisations, the impact of not reporting a data breach can be devastating to small businesses.
As data breaches can have serious consequences, it is imperative that small businesses have robust systems and procedures in place to identify a data breach and respond effectively.
Every device on an organisation’s network is at risk, including printing and imaging devices. There’s also security blind spots that businesses need to be aware of, such as data that is read from a device’s screen without permission, for example when you open your laptop or smartphone on the train on the way home from work.
In a world where data breaches are becoming more common, small businesses should be taking steps now to ensure the safety of their data to prevent a data breach from occurring in the first place. By being prepared, businesses can eliminate the risk of serious damage to both their brand and the customer’s livelihood.
If you would like to discuss how we can help to protect you against a data breach, please contact us.