Australian Regulatory Trends 2019

LITIGATION REVIEW

There has been a limited amount of privacy litigation commenced against companies and government agencies, and no successful class actions through the Courts. This is a result of various shortcomings in the Australian legal landscape and legislative framework, which in its current form is not sufficiently robust to provide affected individuals with appropriate avenues to easily seek redress following a mishandling or breach of their data. However, the now infamous March 2018 ‘Cambridge Analytica’ incident, which involved alleged unauthorised access to and misuse of personal information of users of social media giant Facebook, may change this. The OAIC is formally investigating the incident. The overall findings, determination and willingness of the OAIC to award compensation have the potential to fundamentally impact the operation of Australia’s privacy regime, particularly as they could provide affected individuals with the ability to claim compensation en masse when their data is affected by a data breach, or if there is mishandling of their data in contravention of privacy laws and regulations.

WHAT SHOULD BUSINESSES BE DOING IN 2019?

Cybersecurity will continue to be a key business focus for organisations in 2019. As human error is involved in a large percentage of breaches reported to the OAIC, businesses should implement robust privacy governance alongside a high standard of security. The risk of a data breach can be greatly reduced by carrying out privacy impact assessments and information security risk assessments. Business leaders should continue to develop and test data breach response plans to ensure they have a strategy that satisfies the requirements of the Privacy Act and that all relevant stakeholders understand their responsibilities in executing the plan. The plan should be regularly revisited, tested and updated, and employees should be regularly trained about the risks of malicious and non-malicious (e.g. human error) data breaches and what they should do in the event a data breach occurs. This will allow the organisation to look after affected individuals and properly discharge its compliance obligations.
