According to David Glinatsis, Solicitor Director, Kreisson Legal, Sydney, banks, retailers, manufacturers, exporters and any other organisations that store personal information should pay attention to the contents of the report into privacy laws released by the Australian Law Reform Commission in August 2008. Kreisson Legal provides a short review of the report and of the importance of the breach notification guide in preventing privacy leaks.
The report contains recommendations for the overhaul of the Commonwealth Privacy Act, which has been in operation for the last 20 years. The Privacy Act sets out 10 National Privacy Principles, which protect personal information handled by most public sector organisations and businesses with an annual turnover of more than $3 million.
The Privacy Act, however, has not kept up to date with developing technologies such as the Internet, electronic databases, mobile phones and credit cards. One of the key recommendations of the review is to get businesses to implement a breach notification policy. Consistent with this recommendation and in response to a series of global privacy breaches, the Office of the Privacy Commissioner has published a breach notification guide to assist agencies and organisations to respond effectively to security breaches of personal information.
Issued in August 2008, the breach notification guide identifies some of the key matters that businesses should consider when responding to breaches of personal information security. According to David Glinatsis, Solicitor Director, Kreisson Legal, recent security breaches in Britain and North America provide alarming examples of personal information loss caused by missing disks containing bank details and financial status.
In mid-November 2008, the Sydney Morning Herald outlined the results of a survey conducted by a computer security company, which found that 79% of Australian businesses know they have lost sensitive information about themselves or their customers. The Sydney Morning Herald reports that data losses cost one industrial company $8 million.
The information that is going astray includes customer and financial details, employee records and competitive intellectual property. The way organisations manage and handle personal information is a key business issue. The loss of personal information is not only a breach of the law, but also a serious business risk which can have an impact on the company’s reputation because of negative publicity.
In the current market, such negative publicity could tip some companies over the edge if they are hanging on financially. Currently the breach notification guide is advisory only and not mandatory. Compliance with the guide is therefore voluntary, but the time may soon arrive when some of the principles it establishes become law.