New Australian Data Breach Laws Set To Bring Unprepared Companies Down Under

Snitches get stitches.

It’s an old saying, indicating that tattling on others is a punishable offense.

But starting as early as this year, Australian companies may have to start snitching on themselves if they suffer a data breach, and nurse the stitches that come along with it.

New Australian data breach laws are currently being proposed in congress, and if passed, will make it mandatory for companies making over $3 million a year to notify customers and the public if they suffer a data breach.

Mandatory breach notifications are nothing new — the state of California enacted the law in 2002, and it has since been introduced across the rest of the US. You’re not reading about more data breaches taking place in America because more hacks are happening there; you’re reading about them because American companies are the ones coming clean.

Now Australia is looking at getting in on the act, in a bid to protect both the general public, and indirectly, its companies.

How Badly Do Data Breaches Hurt In Countries With Strict Notification Laws?

Forget stitches — for the level of hurt suffered by companies in countries with mandatory breach notification laws, ‘reconstructive surgery’ might be a more fitting term.

The financial impact alone is huge. We would like to remind everyone of Target’s ever-growing data breach cleanup expense, which last totalled US$191 million.

Countries that have mandatory breach notification laws DO spend more money cleaning up afterwards. The three countries with the highest cost per record lost in a data breach (the US, Germany and Canada) all have data breach notification laws in place, at least in some states. Coincidence? Hardly.

Countries with mandatory data breach laws have higher remediation costs.

America’s current cost per record is 120 AUD more than Australia’s — over 60% higher than Australia’s current cost per record of 188 AUD. The figures give us a grim glimpse of the possible financial armageddon that awaits companies that fail to protect their customers’ sensitive data.

That’s not all. What comes next is the onslaught of lawsuits. Home Depot, which suffered a hack in September 2014, has had over 50 lawsuits filed against it over the breach since.

Extravagant costs aside (and these are already counted in the cost per record), the legal headache and long, drawn-out court battles are more than any company should have to deal with.

And of course, there are some things that you can’t put a price on, like consumer trust. That goes out the window when the media hangs you out to dry a few times a day for weeks after a breach.

Why We Need Mandatory Breach Notification Laws

The most obvious reason we need notification laws is to protect consumers from being unwitting victims of credit card fraud, or identity theft.

But the new law also gives companies the motivation they need to take data security seriously, a mindset that benefits both organisations and their customers. No company wants to be tomorrow’s big data breach headline.

Just as importantly, these laws will give authorities a better understanding of cybercrime, including which attacks are being employed and where they come from. That information will help us understand how to better stop and arrest cybercriminals.

They say there’s no such thing as bad publicity, but Ashley Madison received bad press for weeks after its data breach, to the point where its CEO and founder had to step down.

What This Means For Companies

Whether breach notification is mandatory or not is irrelevant if you never get hacked. Simple, right?

Unfortunately, no. Last year, with breach notification laws in place, 80% of companies in America were reported to have been successfully hacked.

Building a strong data security infrastructure isn’t easy, but for all the reasons stated above, it’s definitely worth investing time, money and effort into.

A good starting point is to first comply with data security standards such as the PCI DSS. You probably already have to comply with the standard anyway; non-compliance can lead to heavy fines of up to $100,000.

How Ground Labs Can Help

One part of the PCI DSS (and an all-around great data security measure to employ) is to reduce the amount of sensitive data on your systems.

Ground Labs’ line of data security software products helps customers find and remove anything of value on the black market. This way, even if you do get breached, hackers will have nothing to steal from you.
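The discovery step behind that data-minimisation advice is worth seeing in code. The block below is an added example written for this page, not Ground Labs’ software or any code from the original post: it scans text for card-number-like digit runs, confirms each with the Luhn check and a deliberately simplified issuer-prefix table (a stated assumption; real IIN ranges are larger and change), reports confirmed PANs masked to the last four digits, and produces a redacted copy so the unneeded data can be removed. The sample export is constructed and uses only the published test card numbers, not live cards.

```python
import re
from typing import List, NamedTuple, Optional

# Candidate: 13 to 19 digits, optionally separated by single spaces or dashes,
# not glued to further digits or dashes on either side.
_CANDIDATE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")

# Simplified issuer prefix (IIN) patterns. Assumption for this example: real
# IIN tables are larger and change over time; these cover the common brands.
_IIN_RULES = (
    ("Visa", re.compile(r"^4\d{12}(?:\d{3})?$")),
    ("Mastercard", re.compile(r"^(?:5[1-5]\d{14}|2(?:2[2-9]\d|[3-6]\d{2}|7[01]\d|720)\d{12})$")),
    ("Amex", re.compile(r"^3[47]\d{13}$")),
    ("Discover", re.compile(r"^6(?:011|5\d{2})\d{12}$")),
)


class Finding(NamedTuple):
    source: str
    line_no: int
    brand: str
    masked: str


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; rejects most typos and random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(digits: str) -> Optional[str]:
    """Return the card brand for a Luhn-valid digit string, or None."""
    if not luhn_ok(digits):
        return None
    for brand, pattern in _IIN_RULES:
        if pattern.match(digits):
            return brand
    return None   # Luhn-valid but no known IIN: an order id, not a card


def mask(digits: str) -> str:
    """Keep only the last four digits, which PCI DSS permits to display."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(source: str, text: str) -> List[Finding]:
    """Report every confirmed PAN in `text`, masked, with its line number."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in _CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            brand = classify(digits)
            if brand:
                findings.append(Finding(source, line_no, brand, mask(digits)))
    return findings


def redact(text: str) -> str:
    """Return `text` with every confirmed PAN replaced by its masked form."""
    def _sub(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        return mask(digits) if classify(digits) else m.group(0)
    return _CANDIDATE.sub(_sub, text)


# Constructed sample export: two test PANs published by card brands (not live
# cards), a Luhn-valid order id, a mistyped PAN (Luhn fails) and a phone number.
SAMPLE = "\n".join([
    "ticket=1001 cust=Jane card=4111 1111 1111 1111 note=refund",
    "ticket=1002 cust=Ravi amex=378282246310005",
    "ticket=1003 cust=Lee order=1234567812345670 phone=+61 2 9876 5432",
    "ticket=1004 cust=Ana card=4111-1111-1111-1112",
    "ticket=1005 cust=Kim mc=5555555555554444",
])

if __name__ == "__main__":
    for f in scan_text("tickets.txt", SAMPLE):
        print(f"{f.source}:{f.line_no} {f.brand} {f.masked}")
    print(redact(SAMPLE))
```

Two design points matter in practice. The order id on line 3 passes Luhn yet is left alone because no issuer prefix matches, which is what keeps a scanner from flagging every invoice number in the business; and the mistyped number on line 4 is also left alone, so a discovery run only ever surfaces what is actually a usable card number, which is the data that has value to an attacker and should not be sitting in a ticket export.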

Find out more about how our software can help you mitigate the risk of suffering a data breach here.
