Cyber-crime victims may be liable under new laws
Brokers have been urged to read up on changes to the Privacy Act that may see businesses liable for data breaches. We speak to Andrew Miers of HWL Ebsworth Lawyers for details on the amendments and how they can impact your commercial clients.
Video transcript below:
Donna Sawyer, Insurance Business Online
Donna Sawyer: Recent changes to the Privacy Act are the biggest in 20 years and corporations are relying on brokers to ensure they are protected for cyber crime. Andrew Miers of HWL Ebsworth Lawyers says the legislative amendments have given the Privacy Commissioner additional powers which could have serious repercussions for companies in the event of a data breach.
Andrew Miers, HWL Ebsworth Lawyers
Andrew Miers: If the Privacy Commissioner forms the view that you have engaged in a serious or repeated interference with privacy then there is obviously the potential for the Commissioner now when these amendments come into effect to seek a civil penalty and as an example of how that might work, we just saw earlier this year the UK Information Commissioner, which is the equivalent of our Privacy Commissioner levy a £250,000 fine on Sony for the cyber hacking incident that occurred a couple of years ago. So the UK Commissioner found that Sony had not had adequate security measures in place to protect against that breach and as a result was in breach of its legal obligations and therefore the fine was levied and we could see something similar in Australia. Some of the types of scenarios where there might be a serious or repeated interference with privacy include where a company didn’t have adequate security in place, measures in place and that a cyber hacker has been able to get in as a result.
Donna Sawyer: He says the incidents of cyber crime related data breaches are rising, including damaging attacks on small businesses.
Andrew Miers: Obviously it’s a growing threat not only in Australia, but around the world as more and more businesses have a greater online presence and so we are seeing regular reports in the press of cyber crime incidents and no doubt there are numerous others that never even go reported. We saw you know the most recent high profile one affecting an Australian entity was last week with the ABC having its website hacked and the user names and passwords of individuals were compromised. What we are also seeing is an increasing prevalence of small businesses being attacked by cyber crime threats and so we have seen instances of what’s called ransomware incidents, where a cyber hacker basically hacks into a business’s website and either installs a virus or shuts down the website and demands payment of a ransom in order to either unlock, give the password to unlock or you know and get the website back up and running.
Donna Sawyer: Andrew Miers says the insurance industry has a critical role to play in educating their commercial clients on effective risk management strategies.
Andrew Miers: The insurance industry both insurance brokers when they are trying to place business on behalf of their clients and also insurers when they are underwriting a risk, they are going to be asking potential policy holders some of the hard questions about what security measures they have in place, what privacy compliance measures they have in place and they are going to want to have answers to those questions before they are willing to insure a particular business. And so when asking those questions, they are actually performing a role in educating the business sector and in encouraging privacy compliance and adequate security measures to minimise risk in this area.
Donna Sawyer: This is Donna Sawyer reporting for Insurance Business Online.