Queensland Law Society

Data breach reporting regime

On 22 February 2018 the federal government’s data breach reporting regime will commence, through amendments to the Privacy Legislation. The regime is broad-reaching and will likely effect most law firms-prudent practitioners will operate on the basis that it applies to them.

The regime requires that data breaches that are deemed eligible under the legislation must be reported to the Information Commissioner and the clients affected-and in some circumstances advertised on the firm’s website. Firms do not need to be hacked to suffer a data breach-losing a USB or simply leaving a file on a bus can trigger the operation of the regime.

Penalties for non-compliance can run into the millions, so it is imperative that practitioners familiarise themselves with the legislation and take steps to avoid data breaches. 2017 QLS President Christine Smyth and Ethics Solicitor Shane Budden provide a more detailed analysis of the regime in the March edition of Proctor and provide some tips to avoid breaches in the first place. Shane Budden will also discuss the new regime with fellow Ethics Solicitor David Bowles in a Facebook Live event on Friday 16 February at 9.30am. Please note that you will need a Facebook account to join this event, and that the video will be posted to our Facebook page at the conclusion of the Live event.