In an increasingly connected world, our personal information is being stored in more and more places. Sadly, this also gives hackers many more locations to attack in order to obtain this personal information.
While it's not always possible to prevent these attacks from succeeding, new legislation from the Australian Government will require companies to disclose when a sizable data breach occurs within their organisation.
Previously there were no concrete laws surrounding the disclosure of such events, which allowed companies to hide their security faults from users, potentially endangering the security of all those who were affected.
Should a breach be suspected by an organisation covered by the Privacy Amendment (Notifiable Data Breaches) Bill 2016, it must undertake an investigation within 30 days to determine whether a breach has truly occurred, and whether notification is required. If it is shown that there was a breach of users' details, there are guidelines on how customers will be notified, as well as some further requirements for the organisation.
The new bill will apply to all agencies and organisations governed by the Privacy Act. This means state government agencies and companies with less than $3 million annual turnover will not be required to comply.
While this bill is a big win for users' right to know how organisations are handling their personal information, it has certainly been a long time coming. The Labor government first introduced a very similar bill in 2013, but was defeated by the Coalition. The Liberals had pledged to put a system such as this in place by 2015, but missed that deadline as well.
It may still be an organisation's responsibility to ensure the personal details of its users are kept secure, but at least with the passing of this bill, there are specific laws around informing those who may be seriously affected by having their personal details stolen. This will hopefully prevent situations such as the Yahoo breaches that were not made public to its users for over three years.
If you have any concerns around the security of your business systems or are concerned that you may have been the target of an attempted data breach, talk to our Altitude Innovations Team who can assist you with analysis, remediation, and prevention against potential data leaks.
Written by Brendan Cole