Data breach lawyers

What is a data breach?

A data breach (Data Breach) has been defined by the Office of the Australian Information Commissioner (OAIC) in its guide to developing a data breach response plan as occurring when:

“personal information held by an agency or organisation is lost or subjected to unauthorised access, use, modification, disclosure or other misuse”.

Broadly, a Data Breach can also be described as an interference with the privacy of an individual.  An eligible Data Breach occurs when:

• there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity; and
• the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.

What steps must be taken when there has been a suspected Data Breach?

If there are reasonable grounds to believe that there may have been an eligible Data Breach, an eligible entity (APP Entity) must:

• carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that there has been a Data Breach; and
• take all reasonable steps to have the assessment completed within 30 days after the entity becomes aware of the suspected Data Breach.

How to minimise the risk of a serious breach

Certain preventive measures can be taken by businesses to reduce the risk of a breach being a serious breach, including:

• protecting the information/data that is stored by one or more security measures that are not likely to be overcome;
• using a security technology or methodology designed to make the information unintelligible or meaningless to persons not authorised to obtain the information; and
• ensuring that if the unauthorised information was obtained, it would be unlikely that the unauthorised persons would also be able to circumvent the security technology or methodology that had been put in place.

What is a Data Breach Response Plan?

Whilst the phrase Data Breach Response Plan is descriptive of its anticipated contents, the OAIC has defined the term to mean:

“A data breach response plan is one tool to help you manage a data breach. It is a framework which sets out the roles and responsibilities for managing an appropriate response to a data breach as well as describing the steps to be taken by an entity in managing a breach if one occurs”.

To assist with managing a Data Breach, the OAIC has prepared the following two (2) guides:

• guide to developing a data breach response plan; and
• data breach notification — A guide to handling personal information security breaches.

The benefits of having a Data Breach Response Plan

A Data Breach Response Plan may:

• reduce the cost of the data breach to your organisation (Note: According to the 2017 Ponemon Institute Report, the Cost of Data Breach Study, the average cost of a data breach to an Australian organisation is $141 per record);
• reduce the average cost of a data breach by around 10% (Note: Actions within the first 24 hours can greatly reduce the damage done to affected individuals);
• limit your legal liability to the affected individuals and under the Privacy Act;
• assist in remedying a breach before it becomes an eligible data breach requiring notification of the OAIC and affected individuals;
• limit the damage to your business reputation; and
• minimise the likelihood of receiving a penalty.

Videos about data breach compliance by Dundas Lawyers^®

Disclaimer

This page contains general commentary only about data breach compliance, you should not rely on the commentary as legal advice.  Specific legal advice should be obtained to ascertain how the law applies to your particular circumstances.

Why choose Dundas Lawyers^® to advise your business on a suspected Data Breach?

Having exerted Blood Sweat and Years^® since April 2010 we are the team you want on your side for the long term to act as the ‘bodyguard’ for your business, to ensure you comply with the Privacy Act and act fast in the case of a suspected data breach.  Some of the reasons client’s choose Dundas Lawyers^® include:

• our Uncommon business acumen;
• our Uncommon expertise in transactional, compliance and litigious matters;
• our Uncommon expertise technology law;
• our Uncommon customer focus;
• the fact that we don’t just know law, we know business!
• how we leverage our Uncommon Nous^® to provide client solutions.

Considering getting a lawyer to advise your business on a suspected data breach?

For a confidential, no obligation initial telephone call to find out how we can help your business in addressing a suspected data breach please phone our team on either 1300 386 529 or 07 3221 0013.

Malcolm Burrows B.Bus.,MBA.,LL.B.,LL.M.,MQLS.
Legal Practice Director
T: +61 7 3221 0013 (preferred)
M: +61 419 726 535
E: mburrows@dundaslawyers.com.au

Alternatively complete the form below and we will respond to your inquiry within one (1) business day from the moment you press Submit!

Recent insights about data breaches