What will privacy data breaches cost your business?
2017-04-19
A new age for data privacy in Australia will begin on 22 February 2018. Recent legislation regarding mandatory data breach notification has two direct consequences for all Australian organisations with an annual turnover exceeding $3 million:
1. Companies will need to inform all third parties affected by an eligible data breach.
2. Firms may be held liable for breaches occurring across their supply chain.
There are many implications for the main guardians and users of vendor and financial data: operations, finance and IT executives alike will need to keep in mind the possibility of class actions in relation to breaches, a million dollar-plus price tag for non-compliance, and a more stringent vendor selection and management process.
Case study: Paws for thought – what happens when a pet supply retailer's customer data gets hacked?
PetScience* is an Australian online retailer with a global supply chain. They are a leader in providing accessories for pets, ranging from food supplements to medical devices and toys, with an annual revenue exceeding $150 million. PetScience manages a broad set of vendors, and operates a rewards program for veterinarians across Australia, connecting referrals to generous discounts and other perks.
But what if one of PetScience's IT vendors suffered a data breach, and the information related to the rewards program, totalling 20,000 email addresses, names and vet practice information, was stolen?
In 2017 PetScience...
1. May not have had to notify impacted individuals.
2. No notice given, therefore no personal complaints, and no legal action.
3. Would not have been held liable for the data breach within its supply chain.
In 2018 PetScience...
1. Might pay between $350,000 and $1.8 million in fines AND notification costs to all impacted individuals, in addition to other breach-related costs (crisis management, breach recovery and reputational damage).
2. Might face a class action suit with a hefty price tag over several years.
3. Would be held liable for the breach, and face an enquiry over data privacy compliance across its supply chain. Also, the IT vendor would be obliged to notify impacted individuals.
*This is a hypothetical example.
There are practical steps that a business of any size can take to ensure compliance with the new laws, assess its supply chain, and prepare for the eventuality of a breach. Our privacy practice has put together affordable and comprehensive compliance packages that can help.
It will soon be mandatory to notify the OAIC and any potentially affected individuals of an "eligible data breach".