Risking privacy
Rising to the challenges of the Privacy Act amendments
The cost of data breaches to many organisations is rising each year and sport is not immune to these breaches.
Privacy laws carry the threat of severe penalties for intentional or unintentional breaches, yet many organisations remain exposed when it comes to this area.
Almost all sports collect, store and disclose personal information as part of their general operations.
However, some sporting organisations have not considered the financial impact of breaching privacy laws, and some may remain under-insured or uninsured for such breaches.
The Privacy Amendment (Enhancing Privacy Protection) Act 2012 altered Australia’s existing privacy law and introduced the Australian Privacy Principles (APPs) in March 2014.
The 13 APPs streamline existing privacy regulation and introduce significant new obligations around the use and disclosure of personal information. In addition, new credit reporting rules and new laws governing codes of practice for information privacy were introduced.
Sporting organisations generally collect personal information for a variety of reasons, including membership, participation programs, event entries, spectators, volunteers, payments, and the list goes on.
Many sporting organisations manage this personal information via a range of data management systems or databases. Some of these are managed internally by the organisation, some are outsourced to third parties. However, in almost all cases, the sporting organisation retains responsibility for the security and integrity of the data at all times.
The Privacy Commissioner now has enhanced powers including the ability to:
- Accept enforceable undertakings
- Seek civil penalties in the case of serious or repeated breaches of privacy
- Conduct assessments of privacy performance for government agencies and businesses
With this in mind, now is an opportune time for all sporting organisations to review their data security and associated data management systems, including whether their current insurance program will cover the associated risks of a breach under the Act.
To put this in perspective, the changes to the Privacy Act were given further weight by the introduction of a new civil penalties regime (including fines of up to $1.7 million).
Another tough measure sports should be aware of is that reporting of data breaches is mandatory for all organisations. This means that you must let the authorities know if you have a data security breach, for example, losing a laptop that contains or gives access to customer/member data or misuse of data by an ex-employee.
In addition to the responsibilities placed on organisations by the new laws, it’s also important to plan for all the elements that will add to the cost of a data breach, which include:
- Expenses related to identifying and repairing the breach, e.g. hiring a forensic investigator
- Business interruption costs, e.g. loss of income due to the disruption to key network technology such as billing or customer service systems
- Notification costs and the possible hiring of a PR firm to limit reputational damage
- Credit monitoring or related costs
- And of course, the cost of data rectification, that is, the work needed to replace and reconstitute lost or damaged data.
High-profile cases involving ANZ, Sony, Target and other major organisations continue to appear in the media. However, the risks are equally real for small to medium-sized organisations.
As one of the most experienced sport-specific insurance brokers, AJG can help you to mitigate your risks and minimise what can be a significant financial impact on your business should the unexpected happen to your data. If you would like to know more or discuss this further, please contact Brad Edwards on 03 9412 2431 or [email protected]