Story image

Law firm warns Australian firms: Get your data breach protection toolkit ready now

25 Jul 2016

Australian organisations are becoming increasingly targeted by 'aggressive' cyber litigation, and may be on the increase with Australia's upcoming mandatory data breach reporting requirements, says law firm Jones Day.

Adam Salter, one of Jones Day's Cybersecurity, Privacy & Data Protection partners, believes that the increase in hacking and the upcoming breach requirement laws, businesses must start getting ready for the mandatory compliance, as the Bill is currently before parliament and seems to have bi-partisan support.

 “Based on our experience in other jurisdictions that have introduced mandatory data breach notification, such as the U.S. and the EU, companies that are not adequately prepared are at greater risk of being sued by their corporate customers (for breach of privacy obligations embedded in their customer contracts) and by consumer customers,” Salter says.

Alastair MacGibbon, the Prime Minister's Special Adviser on Cybersecurity, says that complacency is not an option for anyone in the cyber risk war.

“The Australian government recognises that we must lead by example when it comes to detecting, deterring and responding to cyber threats and risks. But we cannot do this in isolation. It is absolutely critical we partner with and have the support of businesses to drive and implement the initiatives we outlined in our Cyber Security Strategy. Strong cyber defences have much wider ranging implications than most people realise – it has huge benefits to our economy, improves social opportunities of connecting online and boosts our national prosperity," says MacGibbon.

In addition, Mauricio Perez, a New York based Jones Day's Cybersecurity, Privacy & Data Protection partner, says the United States has seen many cases of private class actions and government enforcement since mandatory data breach notification was implemented.

“Data breach notification has the positive effect of providing due warning to potentially affected individuals to enable them to take appropriate steps to guard against identify theft, and other potential harms. Breach notification also means that cyber breaches could now be very public events that can result in private litigation, reputation and brand harm, and lead to governmental investigations, thereby increasing the legal risks to the reporting business," Paez says.

Eddie Sheehy, cybersecurity CEO of Nuix, says data protection must involve an 'holistic' approach, bringing in stakeholders across all organisational departments.

“Building a culture of security in an organisation must be a top priority for executives, starting with an understanding of where the crown jewels are kept and then having a strategy in place to protect them from insider threats," says Sheehy.

How how do Australian organisations comply with data breach requirements? Salter says that a review and improvement of data security, policies and guidelines is the first step, making sure that there are systems to deal with issuing data breach reports to customers and authorities. This also decreases litigation risks, however offshore data and cloud storage could still be issues.

“In particular, businesses should review (or if not already in place develop) risk management and compliance policies and procedures to both prevent data breaches and deal with them, in the unfortunate but increasingly  likely event that they occur,” Salter concludes.

DDN completes Nexenta acquisition
DDN holds a suite of products, solutions, and services that aim to enable AI and multi-cloud.
Veeam joins the ranks of $1bil-revenue software companies
It’s also marked a milestone of 350,000 customers and outlined how it will begin the next stage of its growth.
Veeam enables secondary storage solutions with technology partner program
Veeam has worked with its strategic technology alliance partners to provide flexible deployment options for customers that have continually led to tighter levels of integration.
Veeam Availability Orchestrator update aims to democratise DR
The ability to automatically test, document and reliably recover entire sites, as well as individual workloads from backups in a completely orchestrated way lowers the total cost of ownership (TCO) of DR.
Nuix eyes legal sector as eDiscovery demand skyrockets
eDiscovery must encompass so much more than email and documents. If you haven’t looked at text messages and online chats, digital images, mobile devices, data in the cloud and social media, you’re not getting the whole story.
New ACS report reveals challenges ahead for blockchain
“Blockchain has some way to go before it becomes a mainstream technology."
Gen Z confidence in the economy is on the decline
Businesses need to work hard to improve their reputations.
Dell EMC launches interactive AI Experience Zones
The AI Experience Zones are designed to educate visitors about how to start, identify, and implement an AI project.