{"id":41938,"date":"2023-10-20T15:17:33","date_gmt":"2023-10-20T15:17:33","guid":{"rendered":"http:\/\/startupsmart.test\/2023\/10\/20\/insider-tips-what-every-startup-should-know-about-the-proposed-data-breach-notification-laws-startupsmart\/"},"modified":"2023-10-20T15:17:33","modified_gmt":"2023-10-20T15:17:33","slug":"insider-tips-what-every-startup-should-know-about-the-proposed-data-breach-notification-laws-startupsmart","status":"publish","type":"post","link":"https:\/\/www.startupsmart.com.au\/uncategorized\/insider-tips-what-every-startup-should-know-about-the-proposed-data-breach-notification-laws-startupsmart\/","title":{"rendered":"Insider tips: What every startup should know about the proposed data breach notification laws – StartupSmart"},"content":{"rendered":"
What you don\u2019t know can hurt your business. We spoke to a legal tech expert to uncover the best ways to avoid exposing your startup to non-compliance with privacy laws.<\/em><\/p>\n

At some point this year, the long-awaited mandatory data breach notification bill is expected to become law, which would mean that businesses with an annual turnover of $3M or more would be required to notify their customers and the regulator of all serious data breaches.<\/p>\n

That might sound like bigger business than your average startup, and so many businesses will simply ignore the new law when it is passed, assuming they\u2019re exempt. But if you\u2019re in the technology sector or rely heavily on the personal data of your clients, you might not be exempt and could be dealing with personal information (and triggering privacy obligations) without realising it.<\/p>\n

We sat down with Alex Hutchens, Partner of Australian law firm McCullough Robertson, to discuss implementing privacy compliance into your culture right from the start.<\/p>\n

1. This new law won’t apply to me \u2013 why do startups need to be aware of it?<\/h3>\n

The whole point of a startup is to create a successful business. No magic buzzer goes off when annual turnover exceeds $3m. Startups need to prepare for the fact that once their revenue is healthy, they will be immediately caught by privacy obligations, rather than trying to reverse-engineer privacy compliance into their business.<\/p>\n

Secondly, many startups deal with data-rich products. Technology is evolving so quickly that even \u2018anonymised\u2019 data sets used for big data analysis can be used to identify people, and so you might be unwittingly dealing with information covered by privacy laws even though your revenue is low. Prepare for that now rather than playing catch-up later.<\/p>\n

2. What does a serious data breach look like?<\/h3>\n

Currently under Australian privacy law, notification is only voluntary; if an individual\u2019s information is hacked or inadvertently leaked, they are not required to be told. The flaw in this system is that individuals don\u2019t get the chance to help themselves by cancelling their credit cards, or by resetting all their passwords. The new law aims to fix this flaw. Under the proposed laws, if there is a data breach and as a result there is a \u2018real risk\u2019 of serious harm for an individual \u2013 you have to notify.<\/p>\n

3. What should my response plan look like?<\/h3>\n

We advise voluntary compliance right from the start of your business – it\u2019s better to be privacy compliant when you don\u2019t need to be, rather than discovering later that you are non-compliant when you should have been. Have technical and operational protections in place to prevent breaches, and implement processes that comply with the notification obligations. Thankfully, as a startup you have a natural competitive advantage being new and relatively flexible, so you can better build systems with privacy in mind.<\/p>\n

Plan in advance. A well-run notification process can demonstrate commitment and professionalism which confirms to your customers that you are the right company to do business with.<\/p>\n

Overall, you want to establish a culture of privacy compliance. Be on the front foot and minimise any damage both arising from the breach itself, and to your company\u2019s professional reputation.<\/p>\n

Want further details on crowd-sourced equity funding? Get in touch with McCullough Robertson for support and advice.<\/em><\/p>\n

Written by: Thea Christie<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"

What you don\u2019t know can hurt your business. We spoke to a legal tech expert to uncover the best ways<\/p>\n","protected":false},"author":2,"featured_media":60611,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/posts\/41938"}],"collection":[{"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/comments?post=41938"}],"version-history":[{"count":0,"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/posts\/41938\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/media\/60611"}],"wp:attachment":[{"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/media?parent=41938"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/categories?post=41938"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/tags?post=41938"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}