Business standpoint:
The OAIC has not yet enforced the requirement for businesses to disclose a breach. However, they do provide considerable support if you fall victim to a breach that compromises personal information. You can find further information in this Guide to handling personal information security breaches.
Reporting a breach does not preclude the OAIC from
receiving complaints and conducting an investigation of the incident (whether
in response to a complaint or on the Commissioner's 'own motion').
Make sure that your incident response procedures identify the actions you will need to take if a breach of personal information were to occur. Consider:
- Who should you contact, when, and how?
- What information will you need to disclose?
- What immediate actions can you take to minimise the impact of the breach?
- Your communications strategy: will you need to contact those affected by the breach? When will you do this? How will you do this?
- How will you manage complaints from individuals affected?
Who else can help?
- AUSCERT www.auscert.org.au
- CERT Australia www.cert.gov.au
- Specialist Consultants (such as CQR!)
How do I know I can trust a consultancy such as CQR?
- CREST Australia assesses and certifies companies and staff for their proven technical ability.
- Looking for companies that are ISO/IEC 27001 certified ensures the company is compliant with security standards.
- You can check companies for their certifications through JAS-ANZ.
Personal standpoint:
If you are not happy with the manner in which your personal
information is being handled by an organisation you do have some rights that
ensure that the organisation reviews your concerns or complaint.
Write a formal letter detailing your concerns directly to the organisation; they will be obliged to address your concerns in a timely manner.
If you do not get a satisfactory result, the OAIC is there to help you. It is free to lodge a complaint with the OAIC. You do not need to be represented by a lawyer to make a complaint about your privacy. However, if you do decide to hire a lawyer, you must pay for the lawyer yourself.
The website contains more information about your rights as
an individual at: www.oaic.gov.au/privacy/making-a-privacy-complaint
Other posts from Privacy Awareness Week
Privacy Awareness Week, Day 1: What is privacy and changes to the Act
Privacy Awareness Week Day 2: Protect your privacy online
Privacy Awareness Week Day 3: What you can do to protect your privacy when using mobile phones
Privacy Awareness Week Day 4: Business Obligations: What should I be doing to protect personal information?
Yvonne Sears
Senior Security Specialist
@yvonnesearsCQR
www.cqr.com