Questions arising from Optus data breach
Information provided below is NOT legal advice and is only intended to prompt you to consider options for dealing with a serious issue our industry (and others) must deal with.
I have been asked by a number of clients what they should be doing in the wake of the Optus data breach, and this is a serious concern if a company with the financial backing of Optus is able to be hacked then small businesses will most likely be even easier for hackers to gain access to.
Firstly, it is worth noting that the government has suggested they will be looking at laws regarding storage and security of personal information data and if and when the legislation is released, debated and passed we may see significant change in what is allowed to be stored.
In the interim a couple of bits of information that may help with your decision making regarding how your office handles personal information storage in the current climate:
(1) Some providers of online application services are currently reviewing their practices in relation to what they will maintain stored on their system, for example will they store the whole document, the document number, a tick box to say it was provided and sighted etc;
(2) Representatives of insurers have advised at this stage with the current laws they maintain an expectation that we as agents will be able to provide copies of identification documents and the like of renters when a claim is made and they will be pursuing the renter for payment - this may change if the legislation on storage changes.
This issue is a significant risk issue and whilst we have an absence of new legislation each business will need to provide careful consideration to how best to safeguard this information whilst ensuring you maintain access to provide insurers (and other businesses/authorities that may have a right to access) with the documents they require.
Some ideas, but these are NOT recommendations, just ideas for your thought:
Sensitive documents stored on a disconnected computer, that is no access to your network or the internet,
Hard copy storage in a securely locked cabinet,
No storage in your office system but a reliance on accessing the information through 3rd Party suppliers such as online application services (as mentioned above some of these services are reassessing there storage policies so this may not be an option in future)
Some food for thought.