Today is a significant day for lovers, but for businesses today is important because it leaves them one week to prepare for the start of the new Federal Data Breach security law enacted under the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) (“the Act”).
Andrew Smyth Partner - Technology, Business, SMSF & Litigation, warns of the pitfalls with the new cybersecurity Laws. Failure to comply with the laws exposes businesses to crippling fines in the millions of dollars. From 22 February a significant number of businesses must comply with the Act.
Apart from its clunky name, the legislation is convoluted and not particularly well drafted. Accordingly, it can be difficult for businesses to identify if the legislation applies to them and how to comply with it. Andrew Smyth says, “for example, it applies to businesses with turnover of $3 million, but that is not just in the last financial year. It applies if the turnover exceeded $3 million in any of the last 17 years.”
You might think but my business is small it would never apply to me? Maybe, however if your business collects Tax File numbers it applies regardless of turnover.
You don’t collect Tax File numbers and your turnover is less than $3million, so you must be exempt? Maybe, but if your business deals with health services you will also be captured by the legislation. There are actually quite a large number of exceptions to the ‘doesn’t apply to small business’ rule.
Of particular note it is important for businesses to understand the legislation is not simply an IT issue. It is a compliance issue. At a Federal Government level we have just seen how the seemingly innocuous act of offloading preloved office furniture has led to what some regard as the single biggest data debacle this country has ever seen. A process and procedure oversight saw an old government filing cabinet full of top secret documents sold as second hand furniture. While government might take a hit in the polls over this issue, if a business fails to comply with the Act then you are exposed to millions of dollars in fines.
If you would like to know how to minimize your exposure please contact: Andrew Smyth (07) 5576 9999.