{"id":663,"date":"2018-12-10T00:00:00","date_gmt":"2018-12-10T00:00:00","guid":{"rendered":"https:\/\/cos.p10.sol1.net\/uncategorized\/what-you-must-do-in-the-event-of-a-data-breach\/"},"modified":"2022-06-28T05:34:58","modified_gmt":"2022-06-28T05:34:58","slug":"what-you-must-do-in-the-event-of-a-data-breach","status":"publish","type":"post","link":"https:\/\/www.cos.net.au\/c\/cospedia\/what-you-must-do-in-the-event-of-a-data-breach","title":{"rendered":"What You Must Do in the Event of a Data Breach"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"663\" class=\"elementor elementor-663\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-416c7a5f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"416c7a5f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-908d675\" data-id=\"908d675\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2da6e140 elementor-widget elementor-widget-text-editor\" data-id=\"2da6e140\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In February 2018 the <a href=\"https:\/\/www.oaic.gov.au\/privacy-law\/privacy-act\/notifiable-data-breaches-scheme\" target=\"_blank\" rel=\"noopener\"><b>Notifiable Data Breaches Scheme<\/b><\/a> came into effect. 
This new law requires Australian businesses to immediately notify the Office of the Australian Information Commissioner (OAIC) and any affected parties should they experience a significant data breach. A data breach is when personal information is accessed or disclosed without authorisation, or otherwise lost. This law was designed not to protect the company that has experienced the breach but rather those people whose personal information has been released without their permission or knowledge.<\/p>\n<h2>Does this apply to you?<\/h2>\n<p>If you, as a business, are required to comply with the Privacy Act (1988), then the Notifiable Data Breaches Scheme (NDB) applies to you. If you are one of the following, keep reading.<\/p>\n<ul>\n<li>Australian Government agency health service provider<\/li>\n<li>Any business or non-profit\u00a0organisation\u00a0with annual turnover of $3M or higher<\/li>\n<li>Credit reporting body<\/li>\n<li>TFN recipient (You hold a Tax File Number in your systems)<\/li>\n<\/ul>\n<h2>You will need to report if:<\/h2>\n<p>You discover there has been unauthorised access to, or disclosure of, personal information of one or more individuals, or information has been lost that could be accessed by an\u00a0unauthorised\u00a0entity. To put it simply, if you believe that, as the result of theft or loss of information, there is a risk of harm to any party involved, you are required to notify.\u00a0 \u201cHarm\u201d includes financial\/economic, emotional, physical, psychological or reputational harm. This applies even if someone\u2019s name is not directly linked to the breached data. 
If the data can be used to identify and harm someone then you must report it.<\/p>\n<h2>When do you need to notify?<\/h2>\n<p>If a breach occurs you must immediately contact the\u00a0<a href=\"https:\/\/www.oaic.gov.au\/agencies-and-organisations\/guides\/data-breach-preparation-and-response\" target=\"_blank\" rel=\"noopener\">Office of the Australian Information Commissioner<\/a>, identify your company, provide details about the definable breach and specifically detail what data has been released.<br \/>Organisations\u00a0are expected to have policies and procedures in place outlining the steps that must be taken in response to any privacy breach. This includes the role of staff when collecting, using, securing and disclosing customer information. A handy guide can be found\u00a0<a href=\"http:\/\/www.oaic.gov.au\/privacy-law\/privacy-act\/notifiable-data-breaches-scheme\/what-to-include-in-an-eligible-data-breach-statement\" target=\"_blank\" rel=\"noopener\">here<\/a>.<br \/>The penalty for not notifying the OAIC and affected parties includes fines of $360,000 for individuals and $1.8M for\u00a0organisations.\u00a0Companies that repeatedly experience breaches and do nothing to further protect their data can face much higher penalties, even if they continue to report the breaches.<\/p>\n<h2>How to prevent a breach<\/h2>\n<p>These new laws have been put in place to improve\u00a0data\u00a0security standards in Australian business.\u00a0Similar to\u00a0the General Data Protection\u00a0Regulation\u00a0(GDPR) of the EU, the focus is very much on the safety and security of your staff and customers.<\/p>\n<p>If\u00a0you\u2019re\u00a0worried\u00a0that\u00a0you\u2019re not doing enough to protect your precious data and prevent a\u00a0breach,\u00a0there are some important first steps to take.<\/p>\n<ol>\n<li>Know your vulnerabilities. <br \/>You\u2019ll need to understand all the ways hackers can access your information by identifying your points of weakness. 
This could be any number of tactics including malware threats, keylogging, phishing or spoofing. A little research goes a long way in protecting yourself. One overlooked point of vulnerability is wireless technology. With more of us working remotely we are putting our data at greater risk.<\/li>\n<li>Encrypt your data.<br \/>In today\u2019s mobile world we are using wireless technology everywhere. We use it to enter passwords, send personal data and share confidential company information, all of which can leave us at risk. Every point in a wireless system is potentially vulnerable and without proper security measures in place, your information could be stolen. Use AES technology to minimise this risk.<\/li>\n<li>Secure hardware. <br \/>It seems obvious enough, but not all data breaches are performed by hackers. Many cyber-attacks occur when physical electronic equipment is stolen. Be sure to secure all hardware in the office with lock ports, and when working on-the-go be sure to properly secure your laptops and devices at all times.<\/li>\n<li>Make security a part of everyday business. <br \/>Your staff must be made aware that their own behaviour can put the company at risk. Educate employees about the possibility of cyber-attacks and ensure they are always on the lookout. Hackers have all kinds of ways of breaching security and an individual\u2019s desktop can be a great place to start, with tactics as simple as an innocent email attachment.<\/li>\n<\/ol>\n<p>Set up clear rules around internet use in the office and make sure staff are educated about what emails are safe to open and what they should be suspicious of. Keep security top of mind with regular email reminders and briefings regarding cyber-security in the office.<\/p>\n<h2>AES technology for data protection<\/h2>\n<p>Advanced Encryption Standard (AES) is an international standard for the encrypting and decrypting of data. 
Any time a device equipped with AES is used, the built-in AES technology works automatically to protect your information.<\/p>\n<p><a href=\"http:\/\/www.cos.net.au\/Computer-Accessories\/Keyboards-and-Accessories\/Microsoft-850-Wireless-Keyboard-With-AES-DATA6086\">Keyboards<\/a><br \/>Wireless keyboards transmit information over the air which creates a point of weakness. A cyber-thief can easily intercept keystrokes and gain access to passwords and other vital information. AES encrypts your keystrokes before transmitting them to your PC or other devices.<\/p>\n<p><a href=\"http:\/\/www.cos.net.au\/index.html?pg=searchresultsdisplay&amp;search_type=K&amp;search_string=encrypted+USB&amp;search_values=&amp;searchlogtype=KE\">USB Drives<\/a><br \/>A PIN or password is set up when an encrypted USB is first used. This means that without the PIN the information is encrypted and unreadable. As soon as you enter your PIN your information is instantly decrypted and available for you to access. The computer or device you have used will have no trace of the data or the PIN details once you have safely removed the USB, further protecting you from information theft.<\/p>\n<h2>Play it safe<\/h2>\n<p>You may not think too much about data security breaches but that\u2019s exactly the point of this new scheme. 
By having some basic security measures in place, you can save yourself from potentially damaging attacks as well as avoid the loss of data and release of sensitive information.\u00a0<\/p>\n<p>The data breach notification laws are there to protect people, but they\u2019re also a good reminder for businesses to stay on top of their security and technology.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>In February 2018 the Notifiable Data Breaches Scheme came into effect. This new law requires Australian businesses to immediately notify the Office of the Australian Information Commissioner (OAIC) and any affected parties should they experience a significant data breach. 
A data breach is when personal information is accessed or disclosed without authorisation, or &#8230; <a title=\"What You Must Do in the Event of a Data Breach\" class=\"read-more\" href=\"https:\/\/www.cos.net.au\/c\/cospedia\/what-you-must-do-in-the-event-of-a-data-breach\" aria-label=\"Read more about What You Must Do in the Event of a Data Breach\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":664,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,8],"tags":[293,259,260,261,169],"class_list":["post-663","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cospedia","category-productivity","tag-data-breach-notification-laws","tag-data-protection","tag-data-regulation","tag-data-security","tag-gdpr"],"_links":{"self":[{"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/posts\/663","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/comments?post=663"}],"version-history":[{"count":8,"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/posts\/663\/revisions"}],"predecessor-version":[{"id":17353,"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/posts\/663\/revisions\/17353"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/media\/664"}],"wp:attachment":[{"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/media?parent=663"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/categories?post=663"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/tags?pos
t=663"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}