Social media policy template: Security breaches

Changes to the Privacy Act and the passing of the Notifiable Data Breach Bill spell changes for Australian businesses, social media archiving and information management.

We’ve put together a cheat sheet to help you understand how it might impact you and for you to use as a template in your social media policy:

What is a security breach?

A security breach can include; lost or stolen laptops, USBs or other portable storage devices, paper records that have been misplaced or stolen, lost direct messages, deleted Facebook conversations with a member of the public or emails that contain sensitive information sent to the wrong person.

The changes in legislation show a change towards ensuring organisations take responsibility for the communication and identification of data breaches, including their reporting and information management duties.

What is a Notifiable Data breach?

• Customer or client information has disappeared or is not accessible
• A third party has unauthorised access to customer/client data
• Personal information that identifies an individual has been disclosed (inadvertently, maliciously or accidentally)

What steps you do take if you experience an unauthorised breach?

• If any unauthorised breach, disclosure or loss of data poses a genuine risk to individuals involved, the organisation has a duty of care to report the matter and directly contact anyone who’s data may have been compromised.
• Notify anyone affected by any data breach the appropriate action and where they can get support.
• Your organisation may be required by law to notify the Privacy Commissioner and any affected members of the public when data breaches or data losses occur.
• Organisations who don’t report ‘breaches’ or ignore their reporting obligations are liable to pay fines up to $360,000 for individuals and $1.8 million for organisations.