As part of Privacy Awareness Week 2012, over 180 business leaders met in Sydney this week to discuss the topic of data breaches. Data breaches can occur through lost or stolen laptops, portable storage devices and paper records, or through databases being ‘hacked’ into or organisations mistakenly providing information to the wrong person. The effects of data breaches can be theft of identity and potentially credit fraud leading to bad credit history for the victim. The Privacy Commissioner claims there is in effect one data breach a week in Australia – an increase of 27 per cent from last year.
This is an excerpt from Privacy Commissioner Timothy Pilgrims statement to the media on Monday on data breaches in Australia:
“The Office of the Australian Information Commissioner (OAIC) was notified of 56 data breaches in the last financial year, equivalent to a data breach a week. This is up from 44 in the previous year, an increase of 27 per cent,” Mr Pilgrim said.
However, the Privacy Commissioner also noted that he opened a further 59 investigations into other breaches where he wasn’t notified of the incident.
“Serious harm can befall people when the security of their personal information is compromised”, Mr Pilgrim said. “It is our view that whenever there is a real risk of serious harm, affected individuals should be notified.”
…Data breach notification is not a mandatory obligation applying generally to government and business in Australia. However, there is increased pressure on the Government to introduce laws to make it a general legal requirement as it is elsewhere — data breach notification is already a mandatory requirement in Europe, the UK and the United States….
The Privacy Commissioner warned that in some circumstances, it may be a breach of the Privacy Act not to notify as organisations covered by the Privacy Act must take reasonable steps to protect the information they hold.
For businesses who would like a reference for guidelines on handling personal information security breaches, the OAIC has released this document:
Data breach notification: A guide to handling personal information security breaches. It outlines four steps to consider when responding to a breach or suspected breach and also outlines preventative measures that should be taken as part of a comprehensive information security plan.
Personal information has become a valuable commodity used to commit identity fraud and potentially ruin the victim’s financial future.
We can’t take lightly the possibility that any company that keeps data on its customers could be exposed to data breaches. Identity theft is becoming more prevalent, and personal information is lucrative for fraudsters.
Personal information in the wrong hands can lead not only to identity fraud, but the misuse of the victim’s credit file, which can have significant long term consequences.
Data breaches are difficult for individuals to have any control over, and the only way people can ensure their details are safe are to demand that the companies they deal with have strong IT systems before disclosing that information.
The Australian Crime Commission’s Identity Crime report advises consumers on ways they can protect their personal information. They advise all individuals to obtain a copy of their credit report annually in order to keep abreast with any changes to their credit file which may point to identity theft.
This could detect suspicious entries such as new credit enquiries or changes in contact details which would point to an identity theft attempt, allowing steps to be taken before the fraud affects the person’s good credit rating.
If a person may be vulnerable to identity theft through a data breach, they should check their credit file immediately, and also contact Police who will advise them on the best course of action to take to restore their accounts and potentially their good name. This could include applying for a Victims of Commonwealth Identity Crime Certificate – which covers particular Commonwealth Identity Crime and can aid in recovery.
If people need help to prepare a case to creditors for default removal following identity theft, it may help to contact a reputable credit repair company.
MyCRA Credit Rating Repairs is proud to be a partner for Privacy Awareness Week 2012.