Risking privacy
Rising to the challenges of the Privacy Act amendments
The cost of data breaches to many organisations is rising each year and sport is not immune to these breaches.
Privacy laws carry the threat of severe penalties for intentional or unintentional breaches, yet many organisations remain exposed when it comes to this area.
Almost all sports collect, store and disclose personal information as part of their general operations.
However, some sporting organisations have not considered the financial impact of breaching Privacy Laws and some may remain under-insured or uninsured for such breaches.
The Privacy Amendment (Enhancing Privacy Protection) Act 2012 altered Australia’s existing privacy law and introduced the Australian Privacy Principles (APPs) in March 2014.
The 13 APPs streamline existing privacy regulation and introduce significant new obligations around the use and disclosure of personal information. In addition, new credit reporting rules and new laws governing codes of practice for information privacy were introduced.
Sporting organisations generally collect personal information for a variety of reasons, including membership, participation programs, event entries, spectators, volunteers, payments, and the list goes on.
Many sporting organisations manage this personal information via a range of data management systems or databases. Some of these are managed internally by the organisation, some are outsourced to third parties. However, in almost all cases, the sporting organisation retains responsibility for the security and integrity of the data at all times.
The Privacy Commissioner now has enhanced powers including the ability to:
- Accept enforceable undertakings
- Seek civil penalties in the case of serious or repeated breaches of privacy
- Conduct assessments of privacy performance for government agencies and businesses
- Expenses related to identifying and repairing the breach, e.g. hiring a forensic investigator
- Business interruption costs, e.g. loss of income due to the disruption to key network technology such as billing or customer service systems
- Notification costs and the possible hiring of a PR firm to limit reputational damage
- Credit monitoring or related costs
- And of course, the cost of data rectification, that is, the work needed to replace and reconstitute lost or damaged data.
With this in mind, now is an opportune time for all sporting organisations to review their data security and associated data management systems including whether your current insurance program will cover the associated risks of a breach under the Act.
To put this in perspective, the changes to the Privacy Act were given further weight by the introduction of a new civil penalties regime (including fines of up to $1.7 million).
Another tough measure sports should be aware of is that reporting of data breaches is mandatory for all organisations. This means that you must let the authorities know if you have a data security breach, for example, losing a laptop that contains or gives access to customer/member data or misuse of data by an ex-employee.
In addition to the responsibilities placed on organisations by the new laws, it’s also important to plan for all the elements that will add to the cost of a data breach which include:
- Expenses related to identifying and repairing the breach, e.g. hiring a forensic investigator
- Business interruption costs, e.g. loss of income due to the disruption to key network technology such as billing or customer service systems
- Notification costs and the possible hiring of a PR firm to limit reputational damage
- Credit monitoring or related costs
- And of course, the cost of data rectification, that is, the work needed to replace and reconstitute lost or damaged data.
High profile cases continue in the media such as ANZ, Sony, Target and other major organisations. However, the risks are equally real for small to medium size organisations.
As one of the most experienced sport-specific insurance brokers, AJG can help you to mitigate your risks and minimise what can be a significant financial impact on your business should the unexpected happen to your data. If you would like to know more or discuss this further, please contact Brad Edwards on 03 9412 2431 or brad.edwards@ajg.com.au
You may also be interested in...
DYLAN VS MACK VS KIM
Dylan Alcott OAM (Paralympian Tennis) and Mack Horton (Swimming) and Kim Brennan (Rowing) are just some of the names being put forward for this elusive award to be presented in March 2017.
Open House: Co-Working Space #3
The third edition of Open House: Co-Working Space left participants feeling energised, with an arsenal of new, easy exercises that they can do at home thanks to Gymnastics Victoria's Alison Lyons demonstration of 'Move My Way'
Good governance: best practice
The Vicsport Good Governance toolkit is an in depth look at how organisations can lift their governance practices.
