OpenLegal

What Do I Do When A Data Breach Happens?

December 15, 2020   Daniel Katz, Philip Evangelou

A data breach occurs when a person, or a business, has their personal information accessed or disclosed without their authorisation. These breaches are becoming more common in the 21st century. Anyone who relies on a data-laden business model should be mindful of their obligations under all relevant privacy laws. In particular, the Privacy Act 1988 (Cth) should be the foundation that guides employees when undertaking any data analysis or related work. 

This article will explain the nature of a data breach, and how to protect yourself.

How Does a Data Breach Occur?

In today’s day and age, data breaches can occur quite easily. This is understandable, however. We are, in essence, shifting into the technological era of mankind. With that, our information is quickly becoming digitalised. This provides hackers and scammers with more opportunities to access your information, and cause serious damage.

Here are some ways that a data breach may occur:

  • Poor protection of your database, including weak passwords and system vulnerabilities.
  • Sending emails and letters to the wrong recipient.
  • A USB or mobile phone which holds important information about a business may be stolen. 
  • Employees may accidentally share sensitive business information.
  • Unintentional virus downloads.

How Can I Reduce the Harm of a Data Breach?

A data breach can cause serious damage. For example, the Nova Data Breach in 2019 saw over 250,000 listeners have their personal information, including their addresses, disclosed to the public. Additionally, NAB accidentally shared the personal information of around 13,000 customers with data service companies. This is problematic as it can place businesses in significant financial peril, both because of the inevitable lawsuits brought by clients and because of the damage such breaches can cause to a business’s reputation.

Though there is no way to completely shield yourself from a data breach, here are some ways you can reduce the harm:

  • Use strong and secure passwords: use unique passwords that are not obvious. Hackers will be able to acquire your personal information, so passwords based on personal details are extremely guessable and predictable.
  • Constantly monitor bank accounts and credit reports: though it may be tedious, it is important to keep an eye on all money that comes in and out of your business. This will allow you to flag anything out of the ordinary, and ensure there are no ambiguities.
  • Secure phones and emails: Ensure that all business mobile phones have passwords. Furthermore, it is also important that management is alerted when an employee sends a work email to a third party outside of the business.
  • Use social media appropriately: Do not share sensitive information about your business on social media platforms. Rather, use social media to advertise your business, and offer contact details so that consumers can make further inquiries themselves.

What do I do if my Data is Breached?

If you receive a notification that your data has been breached, it is important to address it quickly. Firstly, a data breach plan should exist in all businesses, setting out the processes necessary to combat data breaches. Once this plan has been consulted, the responsibilities of each employee should be clear.

Secondly, it is important to ensure all systems and databases are secured in order to prevent any additional breaches. Once secured, assessing the seriousness of the breach is necessary. This will allow management to determine the nature of the breach, and whether it was illegal, or merely a mistake.

Lastly, and most importantly, all affected individuals, as well as the ‘Office of the Australian Information Commissioner’, must be alerted to the breach, and the potential harm it could cause. 

To Sum Up

No one is completely protected from a data breach. However, there are ways to reduce the chances of such a breach. If your business falls victim to a data breach, it is important to follow the steps provided in this article.

If you would like to speak with our technology lawyers, just contact us via 1300 337 997 or by filling out the contact form.

About Daniel Katz

Daniel is a legal intern at OpenLegal, placed in our legal content team. He is currently studying a Bachelor of Laws at the University of Technology Sydney. Daniel's interest lies in economics and media/startup law.

About Philip Evangelou

Phil is a director at OpenLegal. He has over 16 years' experience working in private practice and as in-house counsel in Sydney and London, giving him expertise in employment law, IP, finance, leases, dispute resolution, insurance and contracts.