au iconAU



Kate Carnell urges action on incoming data laws as penalties reach $1.8m

The Australian Small Business and Family Enterprise Ombudsman is telling Australian small businesses to urgently prepare for the introduction of mandatory data breach reporting laws, which come into effect on 22 February this year.

Kate Carnell urges action on incoming data laws as penalties reach $1.8m
smsfadviser logo

“If an unauthorised entity accesses anyone’s personal information from a business computer system, where it is likely to result in serious harm to that individual, that data breach will have to be reported to the Office of the Australian Information Commissioner (OAIC), as well as the individual affected.

“An unauthorised entity could be an employee, an independent contractor or an external third party, such as a hacker,” said Kate Carnell.

“Serious harm to an individual may include physical, psychological, emotional, financial or reputational harm.”

Ms Carnell reminded small business owners of the serious penalties this legislation carries.

Small businesses can’t afford not to understand what the new laws mean to them, and yet I’ve read this morning a new study reporting 44 per cent of Australian businesses are not fully prepared,” she said.

“Another report by Telstra last year found 33 per cent of small businesses don’t take proactive measures to protect against cyber breaches.

“With penalties of up to $360,000 for individuals and $1.8 million for organisations, the impact of a breach on a small business is devastating.”

You can access free government guides and resources to get you up to speed with the new legislation here.


Subscribe to Public Accountant

Receive the latest news, opinion and features directly to your inbox