Cybersecurity for SMEs: Stay Ahead in the Flux of Change!
Cybersecurity has become a necessity no matter your business size.
As a business, you may have obligations under the Privacy Act regarding how you handle your customers’ and employees’ information.
Here’s your guide to understanding your obligations on managing a customer’s personal information.
The Office of the Australian Information Commissioner (OAIC) details which types of businesses the Act covers. It states that ‘organisations with an annual turnover more than $3 million have responsibilities under the Privacy Act, subject to some exceptions’.
Even if you are a small business with an annual turnover of $3m, you may still have obligations under the Privacy Act, such as if you:
Under the Privacy Act, the definition of personal information is relatively broad and depends on whether a person can be identified, or reasonably identified, in a given scenario. The Act does not apply to the personal data of people who have died.
The OAIC says personal information can include:
The Federal Attorney-General’s department has been reviewing the Privacy Act 1988. It’s looking to broaden the definition of personal information to include identifiers, location data, online identifiers, and other technical details typically used in digital advertising programs. Fines and enforcement powers are also expected to increase, with the maximum penalty to hit $10 million.
Check this official website for updates on the review. You might also be interested in this government website about digital identity for business owners.
If you’re a business to which the Privacy Act applies, here’s how to protect your customers’ information, according to the OAIC. (This is also good practice even if the Act doesn’t apply to you.)
If the personal information your business holds is breached (accessed, lost, or disclosed without authorisation), you’ll need to report the breach, if eligible, to the Privacy Commissioner and affected individuals. Find out more about notifiable data breaches here.
Depending on your business activities and risks, the following insurance cover may be appropriate:
We can customise insurance options that suit your unique business.
Article Supplied by OneAffiniti
Photo by Nuttapong Punna on Unsplash