25 July 2019
Travis Schultz Law - Will a data breach cost you your business?

It has long been said that data and databases are gold. For obvious reasons, marketers want them and, sadly, in more recent years so do cyber-criminals.

And for that reason, if you have a database and collect and/or store data, you had better make sure you have systems in place to protect that gold – or the rainbow upon which you are standing could evaporate before your eyes.

Such is the case with LandMark White, a valuation firm that has a stellar reputation for its work but now faces an uncertain future after having its shares suspended for the second time in June following a second data breach.

Nothing causes greater fear among the senior management team of an organisation than being advised they have had an NDB (Notifiable Data Breach) – and rightly so.

LandMark White has experienced that terrifying situation after incurring two NDBs in the space of four months.

This has resulted in their shares being suspended on the stock exchange – an outcome which will undoubtedly cause investor angst and further undermine the share value.

In February 2018 Australia’s Notifiable Data Breaches Scheme came into effect. It is an amendment to the Privacy Act 1988 “and effectively mandates a reporting and notification process that the Office of the Australian Information Commissioner (OAIC) had previously recommended as best practice.”[1]

Under the NDB scheme, if a data breach is likely to result in serious harm to an individual whose personal information is held by an organisation, the organisation must notify the individuals affected as well as the OAIC.

And the penalties for failing to comply are significant, so as to ensure corporations appreciate the gravity of failing to protect their data. Individuals can face fines of up to $360,000 and corporations could be hit with fines of up to $1.8 million for each individual breach.

But it is not just the fines that will significantly impact any business whose data falls into the hands of external parties. The damage to reputation and loss of large contracts may well be something an organisation can never recover from.

For LandMark White, who provide independent commercial and residential property valuations, this has had a major impact. Their first breach saw the private information of 100,000 home loan customers posted on the dark web and subsequently cost them contracts with major financial institutions including the Commonwealth Bank.

While suppliers and customers may forgive a one-time breach, it is unlikely any organisation will be able to survive repeated breaches without very strong financial backing and access to some very deep pockets.

Databases and information are very valuable commodities – for many of us they hold highly confidential and personal information that should never be accessed or shared with anyone other than the parties involved and even then, consent is normally required.

If you don’t have policies in place to do everything you can to protect that data, it’s probably time you made it your number one priority.

For information on the NDB scheme and when to report a data breach, go to the OAIC website.

[1] https://www.tpb.gov.au/notifiable-data-breaches-scheme