From 23 February 2018, your business has a statutory obligation to report a data breach involving personal information to the Australian Information Commissioner. If this is not handled correctly, your business could be at serious risk.
Who is subject to the Privacy Act?
All businesses and not-for-profit organisations with an annual turnover of more than $3 million are subject to the Privacy Act 1988 (Privacy Act).
If you do not comply with the provisions of the Privacy Act on collection, use, storage and disclosure, or if correct procedures are not followed, you could be the subject of an investigation by the Commissioner and could face civil penalties of up to $360,000 for individuals and up to $1,800,000 for companies. In addition, the reputational risk to your organisation could be significant.
We urge you to assess how you and your business are handling and protecting your clients’ personal information.