IFAs unprepared for mandatory breach reporting

In a statement, Kamino and Midwinter managing director Julian Plummer cautioned that many advisers, particularly IFAs, have not taken appropriate action ahead of the introduction of the new laws in February 2018.

After the introduction of the laws, Mr Plummer said, advisers will be required to report every “eligible data breach” to both the Office of the Australian Information Commissioner and affected clients.

“This means that if at any point you experience a data breach – you will automatically be increasing the risk of loss of confidence in your business from a client’s point of view, as you are now obliged to tell them directly when and if a breach occurs,” Mr Plummer said.

“This is a result of increased digitisation into financial planning. Securing your data will secure your business.”

Mr Plummer said advisers should start taking steps to make sure they understand their legal responsibilities, and ensure all staff are aware of and comply with IT policies and procedures, and added that it “may be a good time” to review cyber insurance policies.

“Cyber insurance offsets many of the costs of potential IT breaches, however we recommend doing adequate due diligence as one size does not fit all,” he said.