A Privacy breach hits right at the heart of your clients’ trust

It has a detrimental impact on your business and can result in business closure.

Without client trust in your business (your brand), you not only lose sales, you also gain negative brand advocates who can turn potential clients away from your business. (Bad news travels fast, more so these days with social media!)

Client trust is vital in today’s digital environment, where client expectations are increasing, competition is fierce, and clients have a ‘public voice’. Even for small and medium-sized businesses, it is a brand differentiator (your business’s reputation and values) that could make or break your business. You only have to look at the recent scandals around Facebook or the Australian banks to see this happening.

The good news is that, with a well-prepared ‘Data Breach Response’ (DBR) plan, the degree of negative impact on your business from a privacy breach is in your hands.

If a privacy breach is handled well, it can possibly restore and even enhance your brand’s reputation. It illustrates to your clients that your business genuinely cares about them and their needs.


Statistics of privacy breaches and the negative impact on businesses:

During 2017 in Australia, 43% of cyber-attacks targeted small businesses. Out of those, 22% have closed*. The common thread for many of the closures was poor preparation and handling of the breach resulting in loss of trust, and ultimately clients.

*Australian Small Business and Family Enterprise Ombudsman Cyber Security Guide – 2018


It is important to remember that time matters!

Regardless of the time, effort and investment you have made in building client trust, a delayed response, decision and action after a breach is a poorly handled breach. It will significantly increase the negative impact on your business and its reputation, resulting in loss of client loyalty and sales.


KEY TIPS – for developing and sustaining a Data Breach Response (DBR) plan:

  • Develop the plan with Privacy Experts (leverage accessible information from trusted resources) and with your key staff (leverage internal knowledge, to gain commitment)
  • Conduct on-going reviews of the plan (at least annually or when significant changes take place internally or externally)
  • Conduct regular staff training for those who handle personal information (plus include training in Staff Induction programs)
  • Conduct a mock drill at least once every two years.


KEY BENEFITS – your business can gain with a well-prepared DBR plan:

  • A clear and structured process during stressful times of a breach
  • Quickly brings the right people together to respond effectively (such as IT, legal, etc)
  • Documented findings and outcomes of the breach situation (know what’s happened and the potential consequences)
  • Effective reports available for management to understand and make an informed decision
  • Minimise likelihood of a re-occurrence of the breach by documented recommendations to upgrade policies and practices
  • Documented evidence of the assessment being conducted to validate effective handling of a breach.


A SMART CHOICE – to minimise negative impact of a breach on your business, speak with the experts at Privacy Proactive. We can help you:

  1. Implement a tailored Data Breach Response (DBR) plan aligned with your business needs
  2. Provide you with support during a privacy breach
  3. Ensure regulatory changes are built into your DBR plan immediately
  4. Review your DBR plan annually
  5. Provide DBR training annually to make sure everyone in your business understands their responsibilities.

How do you protect your business’s greatest asset – your clients’ information?

Your business mindset should be ‘when’, not ‘if’, a privacy breach will occur!

Our working environments have become more digital and mobile, with higher risks that expose our daily business operations. Not all businesses conduct business online; however, they are all still at risk.

Small to medium businesses are often a prime target for online hackers and scammers, as they typically have lower budgets and fewer resources to invest in their security.

Cyber-crime can include, among a number of things, deceptive conduct such as theft of critical business information (including your clients’ details), or hacking a business to obtain a client’s details or access to a supplier’s network.

Statistics of small to medium-sized business and cyber-crime incidents in Australia reveal how vulnerable they are*:

  • Cyber-crime cost to businesses in Australia is rising exponentially, costing an estimated $1 billion each year.
  • Cyber-crime is rated by SMEs as the 5th biggest risk to their business; however, of SMEs with a turnover of approximately two million or more, almost 60% stated they did not feel well-informed about the risks of cyber-crime to their business.
  • 93% said they would like a tool. There is a need for risk-management tools for SME owner-operators to protect their businesses from cyber-crime.
  • Only one in five SMEs purchased insurance to protect them from cyber-crime.

*NSW Small Business Commissioner in May 2017

Your client information is an asset worth protecting because it can make or break your business.

There are plenty of hackers out there working on new ways to access your business information, so take steps to protect what’s yours now. Your clients entrust their personal information to you in order to do business with you. Any event in which personal information is jeopardised (hacking, unauthorised access or accidentally providing client details to the wrong recipient) can do irreparable damage to your business’ reputation and in some cases close it down permanently.

Whether or not your business must comply with Privacy Regulations, your clients expect you to protect their personal information. By treating their data with the utmost level of care you have a great opportunity to gain a competitive advantage and increase the level of trust in your brand.

Having a robust and sustainable Privacy Program will prepare your business and help:

  1. Minimise the likelihood of a privacy breach
  2. Minimise the damage of a privacy breach
  3. Instil trust in your potential clients so they want to do business with you
  4. Maintain loyalty of existing clients

Clients are becoming more reluctant to share information due to lack of trust in businesses protecting their data.

A survey conducted in 2018 of over 500 Australian SMEs confirms this trend:

  • 46% of SMEs responded – their clients are increasingly opting out of data collection and sharing information, and
  • 49% of SMEs responded – clients’ data is becoming increasingly critical for their day-to-day operations, and 60% to deliver more personalised services to ultimately grow their business.

You can narrow this gap by proactively maintaining your business’s diligence as a trusted custodian of your clients’ information and minimising the risk of a breach.

If you would like to know more, Privacy Proactive is your ally in protecting your greatest asset – your clients’ information.

A story that could happen to you…

Protecting customer personal information and minimising risk is often put on the back-burner – until it happens to you.

A recent example reflects this sentiment. I conducted a Current State Analysis and Risk Assessment, and provided recommendations for a client (an SME). It was a busy time of year for the client and they didn’t implement the recommendations straight away.

In the meantime a breach occurred with a customer’s personal information being sent to the wrong recipient.

Management were unsure of the action to take! It’s challenging to determine when notification is appropriate (to notify or not?). Sometimes, notifying individuals can cause undue stress or harm. For example, notifying individuals about a data breach that poses very little or no risk of harm can cause unnecessary anxiety. In my client’s situation it also didn’t help that they had limited information about the privacy breach.

After a quick ‘on-site’ consult, I implemented the Data Breach Response (DBR) Plan specifically tailored for the client. The plan was executed, enabling management to have all the information in front of them to make an informed decision about the breach. All within sixty minutes!

Not implementing the recommendations to manage and minimise privacy breaches within their business cost management almost a week to be informed about the breach. A lot can happen within one week and breaches that may initially seem immaterial may be significant when their full implications are assessed.

My client realised how ill-equipped their staff were about the importance of handling secure information correctly and what procedures to take in the event of a breach occurring.

Timing and appropriate action can make or break the reputation of a business and ultimately their customers/sales!

I’m a small business owner and understand that the small and medium business environment is very dynamic! Maintaining your customers and growing sales are challenging, not to mention the costs associated with sourcing and training new staff and abiding by regulations.

It’s a passion of mine to help small and medium businesses protect their greatest asset: their customers and their business’s reputation. I’m providing my 35 years of corporate experience, primarily in compliance and risk management, in a cost-effective way for SMEs here at Privacy Proactive.

What are the chances of this happening to me?

  1. Approximately 8 times more breaches are being reported since February 2018 when the Notifiable Data Breaches scheme was introduced
  2. The Healthcare sector followed by the Finance sector are making most reports of breaches
  3. Malicious attacks account for 60% of breach reports, with most due to humans (i.e. stolen usernames and passwords). How secure is your data and how competent are your staff in managing it?
  4. Human errors account for 35%, with the most common error being emails containing personal information sent to the wrong recipient
  5. In 2017, 43% of all cyber attacks in Australia targeted SMEs. Of these, 22% are now closed. SMEs are extremely vulnerable to business interruptions.

Will your business survive a privacy breach?

A privacy breach will have an impact on your business. It’s a given.

The degree of the impact is in your hands.

The handling of the breach will have a lasting impact on customer trust.

To the point, it can destroy your brand. However, if handled well, it can possibly restore and even enhance your brand’s reputation.

Having a well-prepared Data Breach Notification (DBN) plan will go a long way to minimising the damage of a breach when it occurs.

A few key tips for developing and sustaining a DBN plan:

  • develop the plan with Privacy experts (leverage what’s already out there) and with your key staff (leverage internal knowledge and gain buy-in)
  • conduct on-going reviews of the plan (at least annually or when significant changes take place internally or externally)
  • conduct regular training of all staff who handle personal information and include it in the Staff Induction program
  • conduct a mock drill at least every 2 years.

A well-prepared DBN plan delivers to your business:

  • a structured process during stressful times of a breach
  • documented findings and outcomes
  • better understanding of the situation for management to make an informed decision
  • documented recommendations to upgrade policies and practices to minimise likelihood of a re-occurrence of the breach
  • documented evidence of the assessment being conducted

Poorly handled breach has significant impact on Cathay Pacific

After over five months of being aware of a major breach (impacting approximately 9.4 million customers), Cathay Pacific finally reports it to authorities.

Significant backlash from HK authorities, other regulators outside HK (including EU, Australia) and, most importantly, customers will have a long-lasting impact on the trust and reputation of the company.

BEING PREPARED as best as possible with a well-planned and well-understood Data Breach Notification Plan is paramount to minimising damage when a breach occurs.