'An ex-employee stole contacts. What should I do?'

Your client database is arguably the most valuable asset you own. When the worst happens, act swiftly to save your business from serious harm.

An employee who left the company in March emailed customer details to his personal email address before leaving, but we only found out last week. Nothing has happened yet, so no harm done, right? 

“Your company has experienced a data breach and you must act quickly to ensure that you comply with your obligations under the Privacy Act 1988,” says Luke Topfer, an Associate at Australian Business Lawyers & Advisors.

“Under the Notifiable Data Breaches scheme, you are required to determine whether the data breach amounts to an eligible data breach within 30 days (for you, that timer started last week).”

According to the Privacy Act, an eligible data breach is one that is likely to result in “serious harm” to the affected individuals.

“If you determine that an eligible data breach did occur, you are required to prepare and provide a statement to the Office of the Australian Information Commissioner, setting out the circumstances of the data breach as soon as practicable after becoming aware that an eligible data breach occurred,” adds Topfer. “You must also notify the affected individuals of the contents of the statement.”

To ensure your company is better prepared for incidents like this in the future, Topfer suggests performing an audit of the privacy systems and procedures of your company, and preparing a data breach response plan.

Do you have a question about data breaches? Call 1300 565 846 to speak with one of Australian Business Lawyers & Advisors’ experts.

This article originally appeared on the NSW Business Chamber website. WorkplaceInfo is owned by the chamber.