Big Data – Privacy Standards = Trouble


Publication April 2017


Why do CMOs need to prepare for the new data breach notification laws?

A new age for data privacy in Australia will begin on 22 February 2018. Recent legislation on mandatory data breach notification has two direct consequences for all Australian companies with an annual turnover exceeding $3 million:

  • companies will need to inform all third parties affected by an eligible data breach.
  • organisations may be held liable for breaches occurring across their supply chain.

There are many implications for the main guardians and users of consumer data: chief marketers, branding and CRM executives alike will need to keep in mind the possibility of class actions in relation to breaches, a million dollar-plus price tag for non-compliance, and a more stringent vendor selection and management process.

 

[Infographic: Privacy Compliance Manual, 10 year comparison]

 

 

Case study: Privacy data breach at food company leaves a bad taste in the mouth

FoodiesUnited* is a fast-growing, mid-sized business managing gourmet tasting events across Victoria and New South Wales. It’s an ambitious organisation with annual revenues averaging $30 million. Their relationships are their greatest asset: to foodie customers, to vendors and to social media champions who have fuelled their success.

FoodiesUnited is currently using a cloud-service provider to manage and store its customer information. But what if this third party suffered a data breach, and 20 percent of FoodiesUnited’s customer data was stolen?

In 2017 FoodiesUnited...

  • May not have had to notify impacted individuals.
  • No notice given, therefore no personal complaints, and no legal action.
  • Would not have been held liable for the data breach within its supply chain.

In 2018 FoodiesUnited...

  • Might pay between $350,000 and $1.8 million in fines AND notification costs to all impacted customers in addition to other breach-related costs (crisis management, breach recovery and reputational damage).
  • Might face a class action suit with a hefty price tag over several years.
  • Would be held liable for the breach, and face an enquiry over data privacy compliance across its supply chain. Also the cloud-service provider would be obliged to notify impacted individuals.

*This is a hypothetical example.

There are practical steps that a business of any size can take to ensure compliance with the new laws, assess its supply chain, and prepare for the eventuality of a breach.

Our privacy practice has put together affordable and comprehensive compliance packages that can help.

Our Asia-Pacific head of technology and innovation, Nick Abrahams, discussed the cost of data breaches in CMO.
