


Businesses unaware and unprepared for privacy reforms

  • 17 October 2013
  • Published in Security

Over one third of Australian businesses are in the dark about amendments to the Privacy Act which are due to come into effect in March 2014, new research shows.

The finding comes from ‘The Enemy Within’, a research report that was released today by cyber-security firm Clearswift, which found a major lack of awareness amongst businesses about upcoming changes to privacy legislation and wider challenges.

78% of IT security decision makers admitted it is difficult to keep up with the ever-changing security landscape, while almost a quarter of organisations (24%) have suffered some form of data security incident in the past 12 months.

The proposed mandatory data breach legislation could come into effect next year, meaning businesses should start learning about how they'll be affected.

The legislation, which will require organisations to report data breaches they suffer to impacted customers, has yet to enter most organisations’ security considerations, with 73% of IT decision makers indicating they are unaware of the proposed legislation.

Michael Toms, Clearswift ANZ Regional Director, said he's alarmed by the number of organisations unaware of the upcoming changes to legislation and the lack of business preparedness.

“We are surprised by not only the number of organisations unprepared for the significant impact these legislative changes will have on their business, but that many businesses aren’t even aware that the changes exist. Over half of the respondents we surveyed work in compliance so it’s concerning those responsible for ensuring their business is on top of the regulatory environment are in the dark,” Toms said.

“The new legislation encourages more transparency for customers in how their data is being used, with increased powers for the privacy commissioner and large fines of up to $1.7 million for non-compliance. That type of fine is not small change for many Australian businesses so it’s vital businesses take action now to protect the sensitive information they hold.”

Toms also warned that businesses should not just be reacting to changes in government legislation when it comes to avoiding data breaches.

“The real focus shouldn’t be in complying with the proposed legislation in the event of a data breach; rather investment should be made to avoid breaches in the first place. The reputational damage a breach can have on an organisation is huge and will become greater as changes to legislation increase transparency,” he said.

“The first step any business should take to protect the information it holds is to assess where the risk of data breaches could come from. Given breaches are more likely to come from an employee sending an email to the wrong recipient or via a personal email account than a large scale espionage hack, resources and policies should be in place that reflect that.”

