Organisations are collecting, holding and processing more data than ever before. As businesses continue to transition to digital platforms, e-commerce solutions and digital storage of information at scale and at pace, the frequency and sophistication of cyber-attacks continues to increase.
Partner Richard Wells and Senior Associate Suzy McMillan lead the firm’s privacy practice. In this episode, they share their recommendations for preparing for, and managing, a data breach which aligns with the Office of the Privacy Commissioner’s guidance.
Before the breach: Plan, plan and plan some more
To ensure a fast and efficient security breach response, [01:41] organisations should invest in upfront security measures, map their information assets, carry out regular security audits, invest in cyber insurance and train their staff.
Crucially, they should also develop and invest in [10:36] a comprehensive Data Breach Response Plan to guide them through the four-step process of containment, evaluation, notification, and prevention. Despite an organisation's best efforts, cyber incidents and data breaches can, and will, happen.
Notification of breach and assessment of ‘serious harm’
[12:00] The new mandatory privacy breach notification regime within the Privacy Act 2020 (Act) specifies that if a breach meets the threshold of ‘serious harm’, organisations are required to notify the Office of the Privacy Commissioner and affected individuals.
[12:35] Richard and Suzy discuss the various factors that should be considered when assessing ‘serious harm’ under the Act, and [15:48] how organisations should interpret the requirement to notify “as soon as reasonably practicable” ([18:52] including some key learnings around ‘comms’).
Please get in touch to receive an episode transcript, and don’t forget to rate, review or follow the Tech Suite wherever you get your podcasts. You can also sign up to receive technology updates via your inbox here.