Privacy Check for Small Business
The Federal Government has announced a new penalty regime under the Privacy Act. Upcoming amendments will increase business penalties to a maximum of $10 million OR three times the value of the benefit obtained OR 10% of the company's annual domestic turnover, whichever is greater.
The Office of the Australian Information Commissioner will also get increased powers. Australian Information Commissioner and Privacy Commissioner, Angelene Falk, said the changes will 'send a clear message to regulated entities that privacy responsibilities must be taken seriously.'
The Privacy Act applies to most businesses with an annual turnover of more than $3 million. It also applies to some other operators regardless of turnover, like medical centres, chemists, naturopaths, chiropractors, gyms and childcare centres.
'Customers care about their privacy,' said Send and Shred CEO, Jo Clay. 'Six in ten say they'll avoid dealing with a company if they have privacy concerns. Just look at the debates raging about Facebook, MyGov and MyHealth Record. Even if you're not covered by the Privacy Act, you need to get this right.'
According to the last Notifiable Data Breach Report, most business data breaches are due to a malicious attack. Hackers attack databases. Thieves steal paperwork or devices. Staff click on a phishing email.
Innocent human error is the next big risk. Staff lose paperwork or fail to shred it. They send emails or letters to the wrong recipient. They publish or say things they shouldn't.
'Big businesses spend a lot of money on cybersecurity and destruction services,' Jo said. 'Small businesses don't have those resources, but they still need protection. Last year, the average business data breach cost $1.99 million in Australia. The damage is too costly to ignore.'
Any advice for small businesses?
'Set aside a day to audit your security,' Jo said. 'Check your firewalls and cybersecurity. Hire a shredding company or buy some shred bags. Train your people to use them. Get advice if you need it, but don't ignore this. A single breach could sink your brand.'