Cyber Insurance – The changes to Australia’s Data Breach Notification Laws and the Impact on Your Pharmacy
On the 22nd February, Australia’s data breach notification laws came into force. Now is the time to consider how cyber insurance could be a useful and cost-effective new part of your risk management plan.
Your Existing Cover Probably Won’t Cut It
You may have existing cover, for example business insurance or management liability, but it is unlikely that any such insurance will cover losses arising from a cyber security breach. In fact, some general policies contain specific exclusions for cyber-related losses.
Start At The Beginning
What is cyber insurance? Cyber insurance offers coverage for, or mitigation of, certain specified, limited cyber risks.
When Is Notification Required?
You are now required to notify where there are reasonable grounds to believe that an ‘eligible data breach’ has occurred. An ‘eligible data breach’ happens where:
1) There is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity; and
2) The access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.
There is no minimum number mentioned by the Act, so a breach affecting one individual could be enough.
What Does Notification Involve?
Prior to this law being passed, notification was voluntary for most entities where a data breach had occurred. Going forward, where there is an eligible data breach you must prepare and provide a statement to the affected individuals as soon as practicable.
Think of how much individual information your pharmacy has stored on its computers. Then imagine having to notify every individual that their personal data had been compromised.
Our Cyber Essentials can assist with this task.
Who Is Impacted?
The new law is an amendment to the Privacy Act and will apply to all entities bound by that Act, namely Federal Government agencies, private sector organisations with an annual turnover above $3 million (and their related companies) and some others. It’s also recommended as good practice for smaller private sector organisations which handle a lot of personal data.
What Should You Do Next?
You should ensure that your data breach response plans are effective and up to date, and that you have internal and external contacts ready to respond swiftly when a breach occurs. Our dedicated Cyber Support hotline is ready to help policyholders 24/7.
At Carollo Horton, we have created the first pharmacy-specific Cyber Insurance product. Let our dedicated team talk to you about how our Cyber Essentials package can be part of your response to these new government requirements.