Last month saw the introduction of the Privacy Amendment (Notifiable Data Breaches) Bill 2016 in Parliament. If this Bill passes, it will require entities (regulated by the Privacy Act 1998) to notify their clients or customers, as well as the Office of the Australian Information Commissioner (OAIC), of data breaches that may cause serious harm. One example of serious harm occurred shortly after the Bill was introduced to Parliament.
Approximately 550,000 Red Cross blood donors have had their personal information accessed by an unauthorised person. Essentially, if you’ve been a donor since as far back as 2010, your name, address, phone number, date of birth and any record of at-risk sexual behaviour have been stored on an insecure computer and were accessed by someone who was not authorised to do so. The Red Cross Blood Service has contacted and apologised to impacted individuals and, having reported the breach to the OAIC, will be cooperating with the investigation into how it occurred.
Red Cross moved swiftly once this breach was identified and worked with AusCERT, a cyber security organisation, who provided advice and information on security to remove all personal data. They also engaged IDCARE, a national identity and cyber support service, to provide support and counselling to individuals impacted by this event.
Learning Seat offers Privacy training for employees with real-world scenarios and interactive decision points. It was created in partnership with Australian law firm Lander & Rogers. For an organisation, it can reduce the incidence of breaches and protect its brand and reputation from the damage Red Cross Blood Service is currently experiencing.
The privacy training module covers:
- The Australian Privacy Principles
- Preventing breaches of privacy law
- Identifying and managing a privacy breach
- Consequences of breaching the Privacy Act, and
- Role of the Office of the Australian Information Commissioner (OAIC)
If you’re interested in effectively training your employees about privacy to help protect your organisation from a breach, then please contact us to talk about the best solution for you.