A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Tags related to this article
Published 10 December 2014
Australian travel insurer, Aussie Travel Cover (ATC) has recently revealed that it was the subject of a cyber-attack in December of last year which compromised 770,000 pieces of personal data.
Although it notified the Australian Information Commissioner soon after it became aware of the attack, Australia currently has no laws requiring companies to disclose data breaches, regardless of size, so ATC was under no obligation and chose not to inform its policyholders of the breach.
However, the Commissioner has the regulatory power to investigate any alleged breach of the Privacy Act, which it may do following a complaint or of its own volition.
Unfortunately ATC's decision not to inform its policyholders of the breach, many of whom found out about the breach through the media, is likely to result in complaints to the Commissioner therefore making it more likely to commence an investigation.
If the Commissioner does decide to commence an investigation and finds that reasonable steps were not taken by ATC to protect its customers' data it may be subject to a range of civil sanctions.
A news report on the attack is available here.
London - Walbrook
+44 (0) 20 7894 6925
+44 (0)20 7894 6577
Alex Lock, Richard Loxley, Louise Bloomfield, Georgina Rowley, Khurram Shamsee