Risking privacy
Rising to the challenges of the Privacy Act amendments


The cost of data breaches to many organisations is rising each year and sport is not immune to these breaches.

Privacy laws carry the threat of severe penalties for intentional or unintentional breaches, yet many organisations remain exposed in this area.

Almost all sports collect, store and disclose personal information as part of their general operations.

However, some sporting organisations have not considered the financial impact of breaching privacy laws, and some may remain under-insured or uninsured for such breaches.

The Privacy Amendment (Enhancing Privacy Protection) Act 2012 altered Australia’s existing privacy law and introduced the Australian Privacy Principles (APPs) in March 2014.

The 13 APPs streamline existing privacy regulation and introduce significant new obligations around the use and disclosure of personal information. In addition, new credit reporting rules and new laws governing codes of practice for information privacy were introduced.

Sporting organisations generally collect personal information for a variety of reasons, including membership, participation programs, event entries, spectators, volunteers, payments, and the list goes on.

Many sporting organisations manage this personal information via a range of data management systems or databases. Some of these are managed internally by the organisation, some are outsourced to third parties. However, in almost all cases, the sporting organisation retains responsibility for the security and integrity of the data at all times.

The Privacy Commissioner now has enhanced powers including the ability to:

  • Accept enforceable undertakings
  • Seek civil penalties in the case of serious or repeated breaches of privacy
  • Conduct assessments of privacy performance for government agencies and businesses

With this in mind, now is an opportune time for all sporting organisations to review their data security and associated data management systems, including whether their current insurance program will cover the associated risks of a breach under the Act.

To put this in perspective, the changes to the Privacy Act were given further weight by the introduction of a new civil penalties regime (including fines of up to $1.7 million).

Another tough measure sports should be aware of is that reporting of data breaches is mandatory for all organisations. This means that you must let the authorities know if you have a data security breach, for example, losing a laptop that contains or gives access to customer/member data or misuse of data by an ex-employee.

In addition to the responsibilities placed on organisations by the new laws, it’s also important to plan for all the elements that add to the cost of a data breach, which include:

  • Expenses related to identifying and repairing the breach, e.g. hiring a forensic investigator
  • Business interruption costs, e.g. loss of income due to the disruption to key network technology such as billing or customer service systems
  • Notification costs and the possible hiring of a PR firm to limit reputational damage
  • Credit monitoring or related costs
  • And of course, the cost of data rectification, that is, the work needed to replace and reconstitute lost or damaged data.

High-profile cases involving ANZ, Sony, Target and other major organisations continue to appear in the media. However, the risks are equally real for small to medium-sized organisations.

As one of the most experienced sport-specific insurance brokers, AJG can help you to mitigate your risks and minimise what can be a significant financial impact on your business should the unexpected happen to your data. If you would like to know more or discuss this further, please contact Brad Edwards on 03 9412 2431 or brad.edwards@ajg.com.au
