Privacy law changes: Key actions to ensure compliance

A new age for data privacy in Australia will begin on 22 February 2018. Recent legislation regarding mandatory data breach notification has two direct consequences for all Australian companies with an annual turnover exceeding $3 million:

• companies will need to inform all third parties affected by an eligible data breach.
• organisations may be held liable for breaches occurring across their supply chain.

The implications are numerous for the main guardians of data privacy policies and compliance: general counsel and legal officers alike will need to keep in mind the possibility of class actions in relation to breaches, a million dollar-plus price tag for non-compliance, and a more stringent vendor selection and management process.

FutureStem* is a life sciences research and development lab. The $10 million annual revenue innovation hub has multiple partnerships with global players in the sector, but maintains a lean, independent structure. It relies on a third-party facility for a variety of analyses, and thus shares a large portion of its testing information.

But what if the third party testing facility suffered a data breach, and personal information related to FutureStem’s research projects were stolen and posted on social media sites?

 *this is a hypothetical example.

There are practical steps that a business of any size can take to ensure compliance with the new laws, assess its supply chain, and prepare for the eventuality of a breach.

Click here to learn more about our affordable and comprehensive compliance packages.