New Australian Privacy Principles
New Australian Privacy Principles (APPs) apply from 12 March 2014. Compared to the current privacy laws, the new laws place greater responsibility on organisations to ensure that they have comprehensive and transparent privacy practices, procedures and policies in place.
As such, a review of current privacy policies must be conducted to ensure they are up-to-date and compliant with the new laws, especially in relation to:
- How the company holds, collects and uses personal information
- The purposes of holding, collecting and using personal information
- How the company handles complaints in relation to its collection or use of personal information
- The deletion of data that is no longer required for business, legal, privacy or regulatory purposes
Consequences of Privacy Breaches and Non-compliance
The risks associated with data privacy breaches and subsequent non-compliance can have serious implications for an organisation’s financial, reputational and operational activities.
From March 2014, breaches of the Privacy Principles will not only damage a company’s reputation if reported publicly, but also carry fines of up to $1.7 million. Furthermore, the company risks exposure of confidential personal or business information (both internally via a potentially disgruntled employee and externally through cyber attacks) and a reduction in the capacity to perform its operational functions or activities.
Is Your Business Covered?
As the volume and complexity of electronic data increases, so do the challenges associated with how that data is collected, managed, stored and protected. The tough penalties enforced for data breaches are not covered by standard business insurance policies. These policies will only provide cover for tangible assets and nothing beyond this.
This is where Cyber Insurance is designed to assist companies. The new privacy laws have driven growth in demand for this product and made it even more relevant. Cyber Insurance protects companies from exposure to cyber crime, and whilst all Cyber Insurance policies differ, most will cover multiple third-party cyber exposure claims arising from network outages, the spread of viruses or malicious code, and computer theft and extortion. They should also cover first-party losses, including public relations costs, recovery of lost data, business interruption costs, legal fees, client notification expenses, regulatory fines and IT forensic investigation fees.