Protection guaranteed: New laws hold companies accountable for securing your data.

The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 increases the maximum penalties for serious or repeated privacy breaches from the current $2.22 million penalty to whichever is the greater of:

  • $50 million;
  • three times the value of any benefit obtained through the misuse of information; or
  • 30 per cent of a company’s adjusted turnover in the relevant period.

The Bill also provides the Australian Information Commissioner with greater powers to resolve privacy breaches and quickly share information about data breaches to help protect customers.

Significant privacy breaches in recent months have shown existing safeguards are outdated and inadequate. These reforms make clear to companies that the penalty for a major data breach can no longer be regarded as the cost of doing business.

What does this mean for accounting firms?

Recent high-profile data breaches at companies like Medibank and Optus have led to stricter measures being put in place to protect consumer and client data in Australia. This shift in focus towards data security is an important reminder for accounting firms that protecting their clients’ sensitive information is not only a moral responsibility but also a legal obligation that must be upheld in order to remain compliant with regulations.

As the stakes for data breaches continue to rise, accounting firms must prioritize the safeguarding of their clients’ information to avoid potential penalties and maintain the trust of their customers.

What can accountants do to secure client data?

1. Ensure email systems are secure. Securing your company’s email systems is vital for protecting sensitive information and preventing unwanted spam and malware. By implementing spam filtering and email quarantine systems, your inboxes will be protected from unwanted messages and potential cyber threats. Additionally, implementing core security measures such as Multi-Factor Authentication (MFA) ensures that only authorized individuals have access to important data. Access management is also crucial in controlling how employees access their work email, which mailboxes they can access, and how new and departing employees are managed. By taking these precautions, you can ensure that your company’s email systems remain secure and protected

2. Have an identity access management solution in place. Implementing an identity access management solution is a crucial step in protecting your business’s sensitive information. While a password manager may be enough for some, an identity access management tool offers a more comprehensive approach to security by allowing business owners to control employee access to sensitive applications, such as banking logins. Furthermore, an identity access management tool includes a variety of other security measures for cloud-based applications, providing an extra layer of protection for your business.

3. Have policies around cybersecurity and make sure employees are aware of these policies.As the digital age continues to evolve, the importance of cybersecurity has never been greater. Ensuring the safety of sensitive client data is a top priority for any organization. One of the most effective ways to safeguard against cyber threats is to implement strict policies and procedures for cybersecurity and to make sure that all employees are fully informed of these policies and understand their responsibilities in maintaining the security of the firm’s data. But simply having policies in place is not enough. It is equally important to regularly educate and train employees on the latest security threats and best practices for protecting sensitive information. By taking a proactive approach to cybersecurity, organizations can proactively mitigate risk and protect their most valuable assets – their client data.

At Carisma Solutions, we have a holistic cybersecurity policy that our 400+ accountants use to secure their data worldwide. Talk with our team to learn more.