Australian companies face ‘US levels’ of litigation if they fail to prepare for mandatory data breach reporting requirements which are likely to come into effect this year, a lawyer has warned.

Speaking in Sydney, Adam Salter, a partner at law firm Jones Day’s cybersecurity, privacy and data protection practice, said companies not adequately prepared are at greater risk of being sued by their corporate customers. Litigation would be initiated for breach of privacy obligations embedded in customer contracts and by consumer customers, he said.

Salter based his view on the firm’s experience in other jurisdictions – such as the US and European Union – that have introduced mandatory data breach notification laws.

Mauricio Paez, a US-based partner at the Jones Day practice, said that since the introduction of mandatory data breach notification laws in the US, there have been several private class actions and strong government enforcement activities.

“Data breach notification has the positive effect of providing due warning to potentially affected individuals to enable them to take appropriate steps to guard against identity theft and other potential harms.

“Breach notification also means that cyber breaches could now be very public events that can result in private litigation, reputation and brand harm, and lead to governmental investigations, thereby increasing the legal risks to the reporting business,” said Paez.

In 2014, large Australian daily deals website Catch of the Day failed to inform users of a data breach that occurred three years earlier. Encrypted passwords and user information were stolen from the company’s database. A small number of customers also had credit card data stolen.

At the time, Matthew McMillan, a partner at law firm Henry Davis York, said Catch of the Day’s failure to alert users after such a long period of time may have done the brand some harm.

Salter said Australian businesses should regularly review and strengthen their IT and data security systems, policies and procedures and prepare for how they would report a potential data breach to authorities and customers. He said it was an important approach to mitigate the risk of litigation, especially given the emerging issues around cloud storage and offshore hosting of data.

“In particular, businesses should review, or if not already in place, develop risk management and compliance policies and procedures to both prevent data breaches and deal with them in the unfortunate but increasingly likely event that they occur,” Salter said.