The world class cinema experience, that is the recent boom in online streaming software like Netflix and Stan, continues to indulge us with the recently launched Disney+ in America and now in Australia. However when world class attracted a world of personal data, hackers were able to take the Mickey out of Disney’s software security.
On 12 November 2019, Disney+ User Accounts were compromised and put up for sale by hacker’s only hours after the software was made available. Account users were locked out of their account, some of whom had pre-paid a three-year membership.
This breach of data security emphasises the importance of Australian businesses to be aware of their legal obligations in reporting eligible data breaches.
In Australia, whether you are a small business or multi-billion dollar company like Disney if you collect personal information, you have a legal obligation to notify your clients of any breaches of data security. This is enforced under the Notifiable Data Breach Scheme of the Privacy Act 1988 (Cth).
A data breach will likely have occurred where your clients’ information has either been leaked, lost or disclosed without authorisation, which can be detrimental to relationships and professional identity as a business.
As a business, it is important to be aware of:
- When an eligible data breach has occurred;
- What are your reporting obligations; and
- How to remedy the situation.
If your business fails to follow these procedures, you could be fined up to $1.8 million.
If your business requires advice or assistance in preparation of policy documents to address cyber security or issues of breaches, please do not hesitate to contact McInnes Wilson Lawyers Principal Trenton Schreurs.