With the recent changes to Australia’s data breach notification laws, as well as the kick-start of the European Union’s highly publicised GDPR framework, legislators around the world are starting to put a value on the data that governments and enterprises hold on their citizens and customers.
The new regulations put a high price tag on ensuring organisations are using and securing data with diligence, with initial fines out of the EU already running into the millions of dollars.
With this increased scrutiny, the belief is that the individual will also start to take more ownership of their personal information.
“As soon as you inform individuals of their right, and that they have certain power when it comes to decision making around their personal data, then they will become a lot more aware and responsible,” says Chris Gondek, one of Commvault’s ANZ data experts and evangelists.
“They will then start to hold businesses accountable for what they do with their personal data.”
Gondek believes that not only will new regulations hold organisations more accountable for how they are using data, they will also raise the profile of the value of data to the community.
“At the moment I do not think data sovereignty is as important to the customer as it should be. I don’t think it is at the forefront of their mind.”
However, with the advent of GDPR, and more locally the recent changes to Australia’s data breach notification laws, this will change quite quickly. “The data breach notification laws will really bring Australia’s regulation into the 21st century,” Chris said.
The framework, which until 1999 had remained untouched by regulators, now, according to the website, requires organisations to “notify individuals whose personal information is involved in a data breach that is likely to result in serious harm.”
The changes look set to bring more accountability to how data and personal information are being used and managed. In the not-too-distant future, a banking institution, for instance, would be required to contact its customers if their personal information has been breached.
With customer engagement now being a requirement, it is thought that the customer as an individual will become more engaged with how their information is being used.
Penalties for not responding to Australia’s data breach scheme range from $360,000 for individuals to $1.8 million for organisations. This could potentially be a drop in the ocean for some of Australia’s larger organisations, unlike the GDPR, whose fines are revenue-based.
On the potential for more robust legislation hitting our shores, Gondek concludes that we might not be too far away from our own GDPR.
“I would like to think that we’re closer to an Australian GDPR than we think. It is going to take one incident, one high-profile public incident for the government to turn around and then eventually be held responsible to deliver these regulations sooner.”
— Matthew Egan (@Mattjme) February 18, 2018