A bill containing the first significant round of government reforms to the Privacy Act 1988 just took a big step towards final implementation. Last week, a Senate Committee tabled a report supporting the bill’s passage into law. Two key areas include updating the Act to suit the digital age and strengthening enforcement.
Insurers and large organisations holding personal information, including health and telecommunications companies, are particularly affected in how they deal with cyber risks.
The underwriting agency, Sportscover Australia, says the changes also have important implications for the sports sector. However, these risks won’t be solved by simply buying cyber covers.
“In terms of turnover and membership, if you're a national governing body, or even a fairly large state body, you should already be purchasing cyber cover,” said Chris Nash, Sportscover’s managing director. His firm specialises in sports and leisure coverages.
“The information that you hold,” said Nash, “categorically will put you in a position that, under legislation, if something goes wrong, you're going to have to be living up to all of the requirements of the Privacy Act.”
Insurance Business asked Nash what brokers can do to help sports bodies reduce these new liability and cyber risks.
“There's a whole range of things,” he said. “You could start around the technical pieces, including virus software and how back-ups are handled and where things are being kept.”
The next, likely more challenging, step brokers should encourage, he said, is around education.
“Then you've got the cultural pieces and human training around trying to spot fishing expeditions, as well as the usual scams that come through,” said Nash.
Part of that training, he said, is educating volunteers about basic issues, like their vulnerability to cyberattacks.
“They're [the cyberattackers] not really that bothered whether you're a little gymnasium in a small town or if you’re Medicare,” said Nash. “They just shotgun this stuff out there and if someone goes for it, great, they respond.”
The vulnerability, he said, can come from a volunteer’s use of email and mobile phones.
“People think they’re being targeted because they’re old or because they’re not that tech savvy,” said Nash. “Actually, they’re being targeted because this is basically call centres just working through lists and if they get no response, they don't care, they move on to the next one.”
According to a recent report from the international insurance group Hiscox, two-thirds of organisations globally have seen an increase in cyber incidents over the past 12 months compared to last year.
The report highlighted the role of new technologies in the rising number of cyberattacks. Seven in 10 businesses globally said they have integrated Generative AI (GenAI) into their operations, with over half acknowledging that it significantly impacts their cyber security risk profile.
Despite this, the report found that many businesses remain underprepared. Roughly one third of global firms admitted that a lack of expertise is compromising their ability to manage risks associated with emerging technologies.
In September, the Office of the Australian Information Commissioner (OAIC) welcomed the first tranche of reforms to the Privacy Act 1988. A media release referred to the reforms as an important first step in strengthening Australia’s privacy framework.
“The enhanced civil penalty regime will add significantly to our enforcement toolkit, providing the OAIC with greater discretion and flexibility to apply a risk-based approach to enforcement that is proportionate and also supportive of a growing digital economy,” said Australian Privacy Commissioner Carly Kind.
She said the new rules will also “fill a gap” by providing people with avenues to seek redress through the courts for serious invasions of privacy.
However, Commissioner Kind said much more needs to be done.
“We are eagerly awaiting the second tranche of privacy reforms, dealing with much needed reforms including a new positive obligation that personal information handling is fair and reasonable,” she said.
According to the OAIC, the bill approved last week by the Senate Committee will: