Australian not-for-profits must comply with new laws that require them to notify authorities if they have had a significant data breach.
The new laws came into effect on February 22, 2018, which means any breaches after that date must be reported.
The laws require not-for-profits with more than $3 million in annual turnover to notify authorities of data breaches. Organisations face fines of up to $1.8 million for breaches.
Aon insurance’s national practice leader for cyber risk, Fergus Brooks, said that in the past there has been “a culture of not telling people when they’ve lost people’s data” – among not-for-profits, and other organisations.
But the expert from the Our Community insurance partner said not-for-profits deal with “very private records because of the nature of their business”, and cannot go unregulated.
To view the full Third Sector article, click here.