Solista, Vormetric and Deloitte tell Australia to prepare for Mandatory Data Breach reporting

Last month Solista hosted a lunch with Vormetric and Deloitte. Here are some of the salient points.

Mandatory data breach reporting legislation in Australia is lurking, and as consumer awareness of surveillance grows, data privacy has become a global conversation.

The looming legislation in Australia reflects what is already happening around the world, and though mandatory data breach reporting is not currently in effect, we urge Australian businesses to adhere to best practice measures regarding data security.

The most common question we get asked is how our customers can maximise commercial opportunities from the information that they collect.

“Today's problem: Everyone has realised data is money; the more you collect, the more you know about customers. But how do you balance that without crossing the creepy line and ensuring that you are doing the right thing by your customers? If you have arrangements with third parties where data is being disclosed, are you confident that you know where the information is and are you telling your customers where it is potentially going?”

We believe best practice standards equate to high levels of data security and separation of duties, so that no one person within an organisation has control over data. If businesses encrypt their source information to a globally accepted standard, there is a chance the company will not have to report the breach to a privacy commissioner in the event of a cyber-attack.

Under the proposed legislation, businesses have a 30-day period to notify a privacy commissioner. Vormetric’s advice was not to report immediately.

“You should take time to assess what has happened and get the facts straight. In some cases, you have the ability to request an extension with a privacy commissioner. There is flexibility within the legislation.”

The legislation also stipulates that in the event of a data breach, every individual who has potentially been compromised is to be notified.