Notifiable Data Breaches Scheme
On the 22nd of February 2018, the Australian Government introduced a new section of the Privacy Act. This was a monumental decision brought on by massive data breaches, such as Catch of the Day (2011) and Ashley Madison (2015). The Notifiable Data Breaches Bill is expected to push companies to worry more about their cyber security. Mandated data security disclosure laws have been in place for 15 years in the US.
What is the legislation?
It is the Notifiable Data Breaches Scheme (NDB). A business that suffers a data breach is now required by law to inform the Australian Information Commissioner and any person who may have had their data compromised.
What is a data breach?
A data breach is an incident that involves unauthorised viewing or access of data. It is a security risk for all businesses that hold clients’ personal data. The breach is usually designed to steal or publish the data. This data includes customers’ credit card details, home address, or tax information. The NDB only refers to certain information
How does it affect me?
As an individual, this is great news. No longer will you have to worry as to whether your data is truly safe, as more businesses will focus on securing your data. When there is a data breach or personal information is given to the wrong person, the company is obliged to let you know so that you can take whatever action you deem necessary to protect yourself.
As a small business, this could be troubling news. Over the past year, small businesses were urged to increase their cyber security. This has already been seen in Google ranking HTTPS websites over HTTP websites.
A data breach can no longer be kept quiet or swept under the carpet to avoid reputation damage. If it happens to you, you have to ‘fess up and suffer the reputation hit that goes along with it.
What should you do?
As a business operator, it is timely to review your data security and make best efforts to prevent a data breach occurring.
Here are the most common openings for hackers:
Poorly chosen, insecure and even obvious passwords
Make sure that all users of your systems are using passwords that cannot be easily guessed and are not dictionary words.
Even if your software is still doing what it was designed for, if it has not been maintained regularly, there is a good chance that it now has gaping holes that a hacker can exploit.
As fast as people find security flaws or potential security flaws, patches are released to close them. The supporting language, platform and components all need to be kept up to date with the latest versions and security patches. Even worse, after a while old versions of languages are declared end of life and security patches are no longer even released.
Poor software design and coding
There are plenty of online applications that have been developed on the cheap, or by programmers who didn’t understand how their coding choices could create security holes.
Make it a priority to start by addressing the above and your risk will likely drop very significantly.
There is certainly more that can be done to both protect yourself (and your customers) and to prepare yourself should you ever need it.
Perhaps that will be another article, but if you can’t wait, get in touch with the team at MindVision.