Changes to the Privacy Act and the passing of the Notifiable Data Breach Bill spell changes for Australian businesses, social media archiving and information management.
We’ve put together a cheat sheet to help you understand how these changes might impact you, and for you to use as a template in your social media policy:
What is a security breach?
A security breach can include: lost or stolen laptops, USBs or other portable storage devices; paper records that have been misplaced or stolen; lost direct messages; deleted Facebook conversations with a member of the public; or emails containing sensitive information that were sent to the wrong person.
The changes in legislation show a shift towards ensuring organisations take responsibility for the communication and identification of data breaches, including their reporting and information management duties.
What is a Notifiable Data Breach?
- Customer or client information has disappeared or is not accessible
- A third party has unauthorised access to customer/client data
- Personal information that identifies an individual has been disclosed (inadvertently, maliciously or accidentally)
What steps do you take if you experience an unauthorised breach?
- If any unauthorised breach, disclosure or loss of data poses a genuine risk to individuals involved, the organisation has a duty of care to report the matter and directly contact anyone whose data may have been compromised.
- Notify anyone affected by a data breach of the appropriate action to take and where they can get support.
- Your organisation may be required by law to notify the Privacy Commissioner and any affected members of the public when data breaches or data losses occur.
- Organisations who don’t report ‘breaches’ or ignore their reporting obligations are liable to pay fines up to $360,000 for individuals and $1.8 million for organisations.