Privacy Awareness Week: Third party breaches
Presented by Lana Remedi
Lana Remedi, Special Counsel in our Cyber Incident Response team, shares practical strategies for managing third-party data breaches - whether you're directly impacted or an indirect downstream victim.
Key insights:
- When a breach occurs, transparency is key. Notify impacted parties promptly, investigate thoroughly, and communicate clearly throughout the response process.
- Even if you are not the direct victim of the breach, you may still be responsible under the Privacy Act with respect to any jointly held data.
- Reviewing and improving your cyber hygiene and fostering a culture of security across your supply chain is essential.
Tip: Only one entity needs to notify the Office of the Australian Information Commissioner and affected individuals - typically the one with the most direct relationship to them. But all parties involved should collaborate to ensure timely and accurate information sharing and coordinated approach to reporting and notification.
Led by the Office of the Australian Information Commissioner, Privacy Awareness Week is a timely reminder that privacy is everyone's business.
This is commentary published by Colin Biggers & Paisley for general information purposes only. This should not be relied on as specific advice. You should seek your own legal and other advice for any question, or for any specific situation or proposal, before making any final decision. The content also is subject to change. A person listed may not be admitted as a lawyer in all States and Territories.