Do You Know Your Cyber Security Legal Responsibilities?

We know talking about legal obligations isn't the most exciting topic, but it is an important one.

As you already know, the business landscape is full of regulations, and cyber security is just one of the many responsibilities you have as a business leader.

As a professional service provider, you have specific legal obligations when it comes to personal information. They come from the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) in it. The Act generally applies to organisations with an annual turnover of more than AUD 3 million, but it also covers certain smaller businesses regardless of turnover, including private-sector health service providers and businesses that trade in personal information. The Privacy Amendment (Notifiable Data Breaches) Act 2017, in force since February 2018, added the Notifiable Data Breaches (NDB) scheme to the Act: if you are covered, you must assess a suspected data breach within 30 days and, where it is likely to result in serious harm to any of the individuals concerned, notify both the Office of the Australian Information Commissioner (OAIC) and the affected individuals.

If the Act applies to your business, one of your fundamental obligations (APP 1) is to have a clearly expressed, up-to-date privacy policy that sets out what personal information you collect and how you hold, use, and disclose it. The policy must be freely available, typically on your website, and must explain how individuals can access and correct their personal information and how they can complain if they believe you have mishandled it.

But a policy alone is not enough; you must also protect the personal information you hold. APP 11 requires you to take steps that are reasonable in the circumstances to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure, and to destroy or de-identify it once you no longer need it for a permitted purpose.

What counts as reasonable depends on the size of your business and the sensitivity of the information, but in practice it means technical controls such as firewalls, patched systems and strong authentication, together with access controls that limit personal information to staff who need it for their role.

And there are even more specific requirements for certain types of personal information.

For example, if you handle sensitive information, such as health information or information about an individual's racial or ethnic origin, you generally need the individual's consent to collect it (APP 3), and you may only use or disclose it for the purpose you collected it for, or a directly related purpose the individual would reasonably expect, unless they consent or another exception applies (APP 6).

The Act also follows personal information you pass to others. If you disclose it to a third party, you remain responsible for how it is handled. Where the recipient is overseas, which includes a cloud or SaaS provider hosting your data offshore, APP 8 requires you to take reasonable steps to ensure the recipient does not breach the APPs, and if the recipient does breach them you are generally treated as having breached them yourself.

Until December 2022, the maximum civil penalty for a serious or repeated interference with privacy was AUD 420,000 for individuals and AUD 2.1 million for organisations. The Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 raised those maximums to AUD 2.5 million for individuals and, for organisations, the greater of AUD 50 million, three times the value of any benefit obtained from the breach, or 30% of the organisation's adjusted turnover for the relevant period. Penalties have only moved in one direction, so you must understand and comply with your obligations under the Act.

In summary, as a business owner or manager, you have legal obligations regarding data protection. These include having a privacy policy in place, protecting the personal information you hold, complying with the stricter rules for sensitive information and overseas disclosure, and notifying the OAIC and affected individuals of an eligible data breach.

And remember, non-compliance can result in hefty fines.

So, take the time to understand and comply with your obligations under the Privacy Act 1988 and the Notifiable Data Breaches scheme.

For more cybersecurity tips and techniques for professional service providers, why not tune into the Cyber Heroes Podcast, where we talk about how to protect your people and reputation, strengthen your cyber posture, create a culture of cyber savviness, and the many cybercrime lessons being learned around the world every day?