Following the Latitude cyber breach, a string of other breaches and mishandling of consumer records in the private sector, the peak body for records management is warning businesses to act before it’s too late.
Records and Information Management Practitioners Alliance (RIMPA) CEO Anne Cornish says there is a concerning lack of compliance and regulation for records management and disposal in the private sector that has been in the too-hard basket for far too long.
“The pandemic forced businesses to digitalise – and fast. For many, this ‘digital by default’ movement came quickly and without much preparation, leading to rash decisions which unfortunately exposed many businesses to greater cyber risk,” she said.
“It’s time we question how long companies are required to maintain customer data, as the longer personal data is kept, the more at risk companies are of exposing this information to cyber hackers.”
According to the latest Annual Cyber Threat Report 2021-2022, the Australian Cyber Security Centre recorded a staggering 76,000 cybercrime reports or a 13 per cent increase from the previous financial year.
RIMPA is urgently calling for a minimum standards framework for the handling and disposal of private information.
Cornish says varying and weak legislation means private businesses are also getting away with too much, putting their customers’ information at significant risk.
“A collaborative response with stakeholders, whether that be the retailer associations, RIMPA Global, government representation or cyber security experts, forming an emergency committee or inquiry could help to determine the minimum amount of data needed and how long it should be maintained,” she said.
“After all, what is the value of knowing a customer’s birthday for an online retail business if they may soon not shop online altogether in fear of their information being used inappropriately?”
Cornish says that, following the major breaches of Optus, Medibank and ANZ, it is a ticking time bomb until the next incident puts even more personal information at risk. However, she also warns that small to medium businesses are even more exposed, urging business owners to take their records and information handling more seriously.
“Whether you’re a large corporation or a small family business, personal records are personal and it’s time all businesses are held to a consistent standard to prevent these information breaches from happening in the future,” she said.