Are You at Risk? New Australian Data Breach Law – February 2018

Does your business hold sensitive data about customers or clients?

On February 22nd 2018, Australia implemented mandatory data breach notification laws. As a business owner you need to know how this impacts you.

If your business has an annual turnover of $3 million or more, or is otherwise governed by the Privacy Act, then any breach or loss of sensitive data held by your business that could cause ‘harm’ to a client or individual must be reported to the Privacy Commissioner as well as to your entire list of customers.

Examples of ‘harm’ include, but are not limited to:

  • identity theft
  • significant financial loss by the individual
  • threats to an individual’s physical safety
  • loss of business or employment opportunities
  • humiliation, damage to reputation or relationships
  • workplace or social bullying or marginalisation

Think about this. What would it do to your reputation if you had to notify your customers that your data had been accessed without authorisation?

Fines are not trivial and can total $360,000 for individuals as well as $1.8 million for companies.

Note that both individuals and organisations can be fined. This places further importance on staff training and data security plans for your business.

You need to have a solid plan to help protect your clients from suffering ‘serious harm’ if their details were to be taken.

No business will ever be 100% bulletproof – it is just not possible. The best method of defence is to follow four key security principles:

  1. Prepare – Develop a strategy to reduce the impact caused by a breach as well as develop a plan to make a security breach as unlikely as possible.
  2. Protect – The use of high quality security software and practices is a must. Staff need to be trained to be alert for ongoing potential threats such as malware or phishing emails. Limit the data you actually keep and control who has access to that data. The more important the data, the harder it should be to access.
  3. Identify – Engage an IT specialist team who can scan your systems constantly in an effort to detect suspicious behaviour around the clock. By identifying the issue, steps can be taken to mitigate risks and recover information. It is not uncommon for businesses to have been breached for months or even years without knowing about it!
  4. Recover – A fast and effective recovery system is a must. What financial and reputational loss could occur in only a few days of your data being unrecovered?

To make sure you’re not in breach of the new data laws come and visit Macnair’s stand D07 (next to CPA Australia) at the Accounting Business Expo on the 21st and 22nd March 2018.

Click here to reserve your VIP Seat to any of our free seminars being held on our stand.

Not coming to the show? Call 02 8814 5011 or email and we’d be more than happy to answer your questions.

Brad Lynch | Macnair