With mandatory data-breach reporting laws coming into effect from February 22, the Australian Small Business and Family Enterprise Ombudsman (ASBFEO) has urged small businesses to be prepared.
ASBFEO Kate Carnell says any unauthorised access or data breach of someone’s personal computer from a business computer system where serious harm is likely will have to be reported to the Office of the Australian Information Commissioner (OAIC) as well as the individual affected.
“An unauthorised entity could be an employee, an independent contractor or an external third party such as a hacker (via cyber attack),” she said. “Serious harm to an individual may include physical, psychological, emotional, financial or reputational harm.”
Ms Carnell warns that this legislation carries significant financial penalties and would affect any small business that collects personal information from its customers and staff.
“Small businesses can’t afford not to understand what the new laws mean to them, and yet I’ve read this morning a new study reporting that 44 per cent of Australian businesses are not fully prepared,” she said.
“Another report by Telstra last year found 33 per cent of small businesses don’t take proactive measures to protect against cyber breaches.
“With penalties of up to $360,000 for individuals and $1.8 million for organisations, the impact of a breach on a small business is devastating.”
Ms Carnell says information on what a breach is, how to report a breach, or how to take steps to avoid notification in a timely manner can be accessed from the OAIC website.
“With the new laws commencing in around three weeks, I suggest small business operators also read our Cyber Security Best Practice Guide, which was released earlier this month,” she said.
“This free guide will help small businesses understand the risks and how to prevent cyber attacks. It explains very simply what cyber security is and who to talk to, and provides links to further information.”