Australia: Failure to notify customers of data beach may result in investigation - DAC Beachcroft
DAC Beachcroft
Show/Hide Tags

Australia: Failure to notify customers of data beach may result in investigation's Tags

Tags related to this article

Download PDF Print page

Australia: Failure to notify customers of data beach may result in investigation

Published 10 diciembre 2014

Australian travel insurer, Aussie Travel Cover (ATC) has recently revealed that it was the subject of a cyber-attack in December of last year which compromised 770,000 pieces of personal data.

Although it notified the Australian Information Commissioner soon after it became aware of the attack, Australia currently has no laws requiring companies to disclose data breaches, regardless of size, so ATC was under no obligation and chose not to inform its policyholders of the breach.

However, the Commissioner has the regulatory power to investigate any alleged breach of the Privacy Act, which it may do following a complaint or of its own volition.

Unfortunately ATC's decision not to inform its policyholders of the breach, many of whom found out about the breach through the media, is likely to result in complaints to the Commissioner therefore making it more likely to commence an investigation.

If the Commissioner does decide to commence an investigation and finds that reasonable steps were not taken by ATC to protect its customers' data it may be subject to a range of civil sanctions.

A news report on the attack is available here.

Authors

Hans Allnutt

Hans Allnutt

London - Walbrook

+44 (0) 20 7894 6925

Jade Kowalski

Jade Kowalski

London - Walbrook

+44(0)20 7894 6744

< Back to articles

Related articles

Cyber Newsletter - November 2022

By Patrick Hill, Hans Allnutt, Jade Kowalski, Charlotte Halford, Christopher Air

How Secure is Secure? What do recent ICO penalty notices tell us about GDPR security requirements?

By Hans Allnutt

NIS breaches, the national cybersecurity strategy and law enforcement engagement

By Tom Evans

Cyber and Employment Law

Supply Chain Breaches

By Charlotte Halford, Patrick Hill

Understanding Privacy-Enhancing Technologies (PETs)

By Rebecca Morgan, Johanna Lipponen

The EU Data Package

By Charlotte Halford, Christopher Air, Holly Eastwood

UK Legislative Developments and the Impact on Cyber

By Pavan Trivedi

Developments in Canadian Privacy Law

Recent Australian Cyber and Privacy Developments (July-September 2022)

American Data Privacy Protection Act (“ADPPA”): Is the U.S. Finally Getting Federal Data Privacy Protection?

Cyber Newsletter - September 2022

By Patrick Hill, Hans Allnutt

The Data Protection and Digital Information Bill: An Overview

By Jade Kowalski, Charlotte Halford, Christopher Air, Sophie Devlin, Rebecca Morgan

Data And Cyber Bulletin - August 2022

By Patrick Hill, Hans Allnutt

2022 ENISA Report Finds Ransomware Attacks Continue to Dominate the Global Cybersecurity Landscape

By Patrick Hill, Sonali Malhotra

A new Task Force report on Confronting Reality in Cyber Space has been published by the Council for Foreign Relations

By Hans Allnutt, Pavan Trivedi

Former NHS employee prosecuted and fined after illegally accessing patient records without a valid legal reason

By Sophie Devlin, Shanaka Wijetunge

Online Safety Bill at a standstill pending appointment of a new Prime Minister

By Astrid Hardy

When European data regulators disagree: EDPB steps in to resolve a dispute between French and Polish Data Protection Authorities

By Christopher Air, Alexander Dimitrov

Data And Cyber Bulletin - July 2022

By Hans Allnutt, Patrick Hill

This website uses cookies so that we can improve your experience. By continuing to use the site you are agreeing to our use of cookies. For more details please view our Cookies Policy.
DAC Beachcroft