For many small business owners, reporting a data breach can be the last thing on their mind. However, new laws that have recently come into effect mean that non-disclosure of any data breach can result in crippling fines for these businesses.
What is a Data Breach?
A data breach occurs when personal information that an entity holds is subject to any unauthorised access or disclosure of personal information, or loss of personal information. A breach can occur when a device containing customers’ personal information is lost or stolen, a sensitive database is hacked or when personal information is mistakenly provided to the wrong person.
The Notifiable Data Breaches (NDB) scheme of the Privacy Act has established new reporting requirements effective from the 22nd of February 2018. The new laws mandate that small businesses covered by the Australian Privacy Act 1988 must report all eligible data breaches to authorities and also members of the public if it believes or is aware that data has been compromised.
With penalties of up to $360,000 for individuals and $1.8 million for organisations, the impact of not reporting a data breach can be devastating to small businesses.
What Do Small Businesses Need to Do?
As data breaches can have serious consequences, it is imperative that small businesses have robust systems and procedures in place to identify a data breach and respond effectively.
Every device on an organisation’s network is at risk, including printing and imaging devices. There’s also security blind spots that businesses need to be aware of, such as data that is read from a device’s screen without permission, for example when you open your laptop or smartphone on the train on the way home from work.
Here are some key tips on how to prepare for the new laws:
- Prepare a Data Breach Response Plan
- Identify at-risk data, where its kept and where it is being used – ensure all data is stored securely and with encryption
- Train staff to implement your plan
- Have a security policy in place for employees that work remotely and take their work devices home
In a world where data breaches are becoming more common, small businesses should be taking steps now to ensure the safety of their data to prevent a data breach from occurring in the first place. By being prepared, businesses can eliminate the risk of serious damage to both their brand and the customer’s livelihood.
If you would like to discuss how we can help to protect you against a data breach, please contact us.