The recent news of Uber suffering a data breach is a timely reminder about the pending changes regarding mandatory data breach notification for Australian companies...and a good lesson in how to avoid your own data breach car crash.
Certain Australian companies will need to comply with the new legislation on 22nd Feb 2018, closely followed by the European GDPR legislation in May 2018.
The Uber breach is a great example of how not to handle a data breach incident. It was an exercise in poor governance, poor response planning, disregard for customers and nothing more than damage control - a lesson in what not to do on all levels.
The standout Australian exemplar in responding to a data breach is the Red Cross Blood Service. Australian companies could learn much about what constitutes a good data breach response by reading their press release.
In light of more frequent and increasingly sophisticated cyber-attacks and incidents, organisations will do well to increase activities to mitigate the consequences of inevitable data breaches. The primary objective at this juncture should be to implement measures which will mitigate the extent of any potential cyber-security event or data breach, so as to limit liability, increase customer confidence, reduce recovery time and costs, and keep any reputational damage to a minimum.
We are working with many organisations to identify data breach exposure points in their people, process and technology, assessing risk and developing plans to meet the new privacy requirements.
Uber has revealed the personal information of 1.2 million Australians was compromised in the 2016 hack on the company...[and] included the names, email addresses and mobile phone numbers of customers