Client Alert: Mandatory Data Breach Notification Laws Pass the Lower and Upper Houses of Parliament
On 13 February 2017 the Federal Parliament passed the Privacy Amendment (Notifiable Data Breaches) Bill 2016 into law (subject to royal assent). The legislation has been three years in the making.
WHO DO THE MANDATORY NOTIFICATION LAWS APPLY TO?
The new law, which will come into operation 12 months after the day royal assent is received (or earlier by proclamation), applies to organisations already covered by the Privacy Act 1988: most Australian government agencies, and all private sector and not-for-profit organisations with an annual turnover of more than $3 million.
WHAT IS A NOTIFIABLE DATA BREACH?
The legislation defines a notifiable (or "eligible") data breach as unauthorised access to, unauthorised disclosure of, or loss of information where a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates. When such a breach occurs, the organisation must notify the Australian Information Commissioner and the affected individuals.
The information covered includes personal information, credit-related information and tax file numbers.
CYBER INSURANCE AS A SOLUTION
The costs involved in notifying affected people, employing a crisis communication team, establishing a call centre and providing credit monitoring can be substantial. Third-party claims made following a breach notification can add further costs.
Marsh has developed a range of tools and cyber insurance policies to help our clients identify, manage, and transfer the risk associated with cyber breaches.
The change in legislation requires immediate action from all affected organisations to ensure they are able to comply with the new requirements. Complying with those requirements after a breach could be costly, so all organisations need to assess and understand the risk of these potential costs and consider how best to manage and transfer them.