Business Bytes: New Data Breach Notification Laws

As part of K&L Gates' Business Bytes video series, Cameron Abbott, discusses the new data breach notification laws.
 

Transcript
Businesses need to know that on 22nd February, the mandatory data breach reporting regime came into effect.

If you have a data breach and it might have a serious impact on the individuals affected, that is enough to require you to report that to all the individuals and to self-report to the regulator; AUD2.1 million fine for corporations if they don’t. But more concerning I think is the brand impact of having to confess to your entire customer base and no one is very keen on confessing to the regulator who then is empowered to take enforcement proceedings under privacy laws for the breach in the first place.

So what are our clients doing? Finalising proper, well thought out data breach plans, not waiting until the event occurs to then panic. But they're also looking at their privacy compliance more carefully both internally and externally through their supply chain to try and reduce the risks of the data breach occurring in the first place, because the stakes have got a lot higher after 22 February.