ID Scanner Solutions to Avoid Legal Sanctions
What are the risks if there is a privacy breach at your end?
According to the Australian Institute of Company Directors, breaches may give rise to allegations that directors have also been in breach of their duties as directors under statute and common law.
The Privacy Act includes very particular “Privacy Principles” regulating the control and storage of private customer information. If private customer information is leaked or hacked into, the consequences can be severe. According to Find Law Australia:
Those who contravene the Australian Privacy Principles (APPs) could be liable for penalties of up to $420,000 for individuals or up to $2.1 million for corporations, for each instance of a breach.
And as The Australian reports: Expanded powers for the Privacy Commissioner also mean firms can now be investigated as the Commissioner sees fit, where previously a complaint must have been made first.
The Office of the Australian Information Commissioner imposes further guidelines for access to personal information, requiring: an APP entity that holds personal information about an individual to give the individual access to that information on request.
If your customer information is not collected and stored securely in a database, it will be impossible to follow through with this requirement.
Australian authorities are taking privacy seriously, and retailers absolutely must follow suit. Those who fail to guard customer information will find themselves severely penalized, with fines running into the millions and significant negative publicity.
Privacy and Security
Privacy and data security are paramount at Scantek.
Scanned information can only be accessed by specified accounts with the highest level of access to the secure Scantek Cloud Interface.
Activities of those accounts accessing information are also logged for review if necessary.
The Notifiable Data Breaches scheme under the Privacy Act established requirements for entities in responding to data breaches.
The scheme applies to all agencies and businesses with existing obligations under the Privacy Act from 22 February 2018.
Businesses are obliged to notify individuals obligations when a data breach is likely to result in serious harm to anyone whose personal information is involved in the breach.
Serious harm, in this context, could include serious physical, psychological, emotional, economic and financial harm, as well as serious harm to reputation and other forms.
Agencies and businesses must be prepared to conduct a quick assessment of a suspected data breach to determine whether it is likely to result in serious harm, and as a result, require notification. The scheme applies to entities including Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and TFN recipients, among others.
The legal consequences include a public investigation that may result in civil penalties of up to $2.1 million and other consequences such as a destroyed reputation, which can be even more damaging.
Reduce the risks and contact Scantek