
Risking privacy
Rising to the challenges of the Privacy Act amendments


The cost of data breaches to many organisations is rising each year and sport is not immune to these breaches.

Privacy laws carry the threat of severe penalties for intentional or unintentional breaches, yet many organisations remain exposed when it comes to this area.

Almost all sports collect, store and disclose personal information as part of their general operations.

However, some sporting organisations have not considered the financial impact of breaching privacy laws, and some may remain under-insured or uninsured for such breaches.

The Privacy Amendment (Enhancing Privacy Protection) Act 2012 altered Australia’s existing privacy law and introduced the Australian Privacy Principles (APPs) in March 2014.

The 13 APPs streamline existing privacy regulation and introduce significant new obligations around the use and disclosure of personal information. In addition, new credit reporting rules and new laws governing codes of practice for information privacy were introduced.

Sporting organisations generally collect personal information for a variety of reasons, including membership, participation programs, event entries, spectators, volunteers, payments, and the list goes on.

Many sporting organisations manage this personal information via a range of data management systems or databases. Some of these are managed internally by the organisation, some are outsourced to third parties. However, in almost all cases, the sporting organisation retains responsibility for the security and integrity of the data at all times.

The Privacy Commissioner now has enhanced powers including the ability to:

  • Accept enforceable undertakings
  • Seek civil penalties in the case of serious or repeated breaches of privacy
  • Conduct assessments of privacy performance for government agencies and businesses

With this in mind, now is an opportune time for all sporting organisations to review their data security and associated data management systems, including whether their current insurance program will cover the associated risks of a breach under the Act.

To put this in perspective, the changes to the Privacy Act were given further weight by the introduction of a new civil penalties regime (including fines of up to $1.7 million).

Another tough measure sports should be aware of is that reporting of data breaches is mandatory for all organisations. This means that you must let the authorities know if you have a data security breach, for example, losing a laptop that contains or gives access to customer/member data or misuse of data by an ex-employee.

In addition to the responsibilities placed on organisations by the new laws, it’s also important to plan for all the elements that will add to the cost of a data breach, which include:

  • Expenses related to identifying and repairing the breach, e.g. hiring a forensic investigator
  • Business interruption costs, e.g. loss of income due to the disruption to key network technology such as billing or customer service systems
  • Notification costs and the possible hiring of a PR firm to limit reputational damage
  • Credit monitoring or related costs
  • And of course, the cost of data rectification, that is, the work needed to replace and reconstitute lost or damaged data.

High-profile cases involving ANZ, Sony, Target and other major organisations continue to appear in the media. However, the risks are equally real for small to medium-sized organisations.

As one of the most experienced sport-specific insurance brokers, AJG can help you to mitigate your risks and minimise what can be a significant financial impact on your business should the unexpected happen to your data. If you would like to know more or discuss this further, please contact Brad Edwards on 03 9412 2431 or brad.edwards@ajg.com.au
