On the 22nd of February 2018, legislation was passed that now makes it mandatory for businesses with turnover not exceeding $3million to report data breaches of certain types of customer data and information, to the Office of the Australian Information Commissioner (OAIC), and also any potentially affected individuals. Such data includes tax file numbers, banking details, credit card information, driver’s license information and others.
A data breach is defined as an instance where the data has been accessed or available to people who should not have access to it. For more information about what constitutes an eligible Data Breach, please see attached document.
IT security technology is advancing at a phenomenal rate, and likewise, the technology being used by organisations whose intention it is to exploit victims by misusing their personal\private data is also becoming more sophisticated every day. What was considered to be “safe” IT methodology and technology last year may not be considered safe today.
Organisations\companies who are custodians of customer data NEED TO ensure that their customer data is being safely stored and managed, so as to avoid data breaches taking place. 3 simple examples of data breaches occurring are:
- A laptop containing customer data being lost\stolen\left somewhere
- A smartphone\mobile device\tablet containing customer data is lost\stolen\misplaced
- Remote access technology is not secure and updated
What can you do to reduce the chances of a data breach? Some initial basic measures are:
Install an industry leading Antivirus and Anti malware software (Webroot and Malwarebytes)
- Use industry leading backup software with password protection and / or encryption
- Implement a sign-off register for staff who take USB backup drives offsite
- Secure your remote access processes by using VPN technology
If you have any concerns about the vulnerability of the customer data in your care, please read the information brochure linked below, and\or contact All Computer Services by emailing firstname.lastname@example.org