Massive Fines for Data Breaches – Up to $2.1 Million

Posted on: April 8, 2020 9:24 am

Buyer Beware!

Any individual or organisation that is currently using Zoom Video Conferencing should, as a matter of urgency, review their own legal obligations to mitigate any legal action that could be brought against them.

As of 22 February 2018, the legislative requirements under the Federal Government’s Notifiable Breaches scheme came into effect. The aim of this was to outline new standards of accountability and transparency to protect individuals’ personal information. As a business you have access to client records and private information, and this information must be protected.

The scheme stipulates that any entity subject to the Privacy Act 1988 with an annual turnover of more than $3 million is required to notify individuals if their personal data has been involved in a serious breach. For those who don’t comply, the fines are up to $420,000 for individuals (serious or repeated interference with privacy) and up to $2.1 million for corporations.

When running your own business, it is important to ensure you are using secure electronic communication to protect the data of your clients. As technology progresses, the need for strong data management has become essential in ensuring compliance.

As with any personal data and information breaches, the accidental release of personal records and information can cause ‘serious harm’, ruin reputations and cause distrust of that organisation.

Harm can include psychological, emotional, physical, reputational or other forms of harm and ‘requires an objective assessment, determined from the viewpoint of a reasonable person in the entity’s position’.

Here are some key points from the Office of the Australian Information Commissioner (OAIC) on the Notifiable Data Breaches Scheme:

What is a data breach?

A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure. As a result of a data breach, an individual may be exposed to serious harm, or your business may not have been able (or may not have acted swiftly enough) to prevent this serious harm.

Examples of a data breach include when:

  • a device containing customers’ personal information is lost or stolen
  • a database containing personal information is hacked
  • personal information is mistakenly provided to the wrong person

The type or types of personal information involved in the data breach

Some kinds of personal information may be more likely to cause an individual serious harm if compromised. Examples of the kinds of information that may increase the risk of serious harm if there is a data breach include:

  • sensitive information, such as information about an individual’s health
  • documents commonly used for identity fraud (including Medicare card, driver licence, and passport details)
  • financial information
  • a combination of types of personal information (rather than a single piece of personal information) that allows more to be known about the individuals the information is about

Steps to take if a data breach occurs

There are three options for notifying affected individuals:

  • Notify all individuals whose personal information was involved
  • Notify only those who are at likely risk of serious harm; or
  • If direct notification is not practicable: publish the notification and take reasonable steps to publicise it.

Notification can be via your normal methods of communication.

The faster an entity responds to a data breach, the more likely it is to effectively limit any negative consequences. A data breach response plan is essential to facilitate a swift response and ensure that any legal obligations are met following a data breach.

It’s always easy to write your own obituary when you write it yourself!!!

It is strongly recommended that any organisation that is using Zoom Video Conferencing solutions ignore self-written or paid articles from Zoom itself and take immediate steps to ensure its own compliance with the relevant legislation governing data security.

In the current environment it is realistic to assume that shifting to a home office will become the new normal, and it is also realistic to assume that video conferencing technologies will play a pivotal role in the survival of individuals and organisations alike. Video conferencing has become the preferred communications platform for the day-to-day running of the business and for engagement with key personnel and clients, ensuring that organisations can remain relevant and viable.

There are many good business-grade solutions available today that take this issue seriously, and all users of Zoom should be looking to invest in a technology that ensures security and removes any unnecessary pressure from its employees to share documents and collaborate in real time.

In our view the winning formula will be a cost-effective, highly featured, end-to-end solution that utilises a familiar interface that is intuitive and easy to use.

A massive shift in the Australian market is currently underway as businesses look to transition to a credible video conferencing platform, ensuring the survival of the organisation itself and the retention of their staff.

Should you have any questions in relation to your available options, or seek to migrate your current services away from Zoom, please feel free to contact us directly.

Paul Denton
Managing Director
Video Dynamics Australia
Info@videodynamics.com.au
1800 80 80 84
