October 22nd, 2018
Going from hero to zero
You can spend years building trust and brand loyalty with your customers only to have your efforts destroyed in minutes by a data security breach. As if that were not bad enough in itself, new laws attach significant fines to any failure to keep customer data safe.
One of the most notorious data security failures in history was the Ashley Madison case, where the business was forced to pay US$11.2 million in compensation to 37 million customers of its online ‘Have an Extramarital Affair’ dating website after their personal details were exposed to the public. (The compensation amounted to about US$3,500 per customer.)
Another notable example was the recent data breach which affected up to 90 million Facebook user accounts in September 2018. Facebook responded immediately, but even so, the event sent the brand’s share price tumbling. And despite their prompt action, under the data breach laws in the UK, where the problem initially occurred, Facebook is facing a fine of up to 4 percent of its global revenue from 2017, which could amount to more than £1.25 billion.
Australian laws are just as tough
Whilst these are both high-profile examples, a data breach in your business could be just as damaging to your reputation and could have a serious impact on your profits.
In February this year, new privacy laws came into effect in Australia which include mandatory notifiable data breach provisions. The Notifiable Data Breaches scheme under the Australian Privacy Act 1988 (NDB scheme) obligates you to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm, and provide recommendations about what steps the individual should take in response to the breach.
Failure to comply with the NDB scheme can attract fines of up to AUD$2.1 million. You can get the full details in our recent blog article, but basically, you must notify Connective and, if you’re an ACL holder, the Office of the Australian Information Commissioner (OAIC) as soon as you realise that a notifiable data breach has occurred.
The Trust Equation
According to recent research from Deloitte Digital*, trust is a critical driver of loyalty. It is not sufficient for financial services businesses to simply talk about trust – you must actively “diagnose, improve and manage” data security for better trust outcomes. According to the research, an organisation’s digital trustworthiness is impacted by three pillars: ethical intent, capability and an alignment to customer interests.
What this research tells us is that to maintain your customers’ trust in today’s digital world, you need to establish a data security policy and processes which:
Where do the risks lie?
Risks for mortgage and finance brokerages mostly come from external factors, such as:
What can you do right now?
For more information and an invitation to our upcoming webinars about establishing appropriate data security practices in your business, watch your email inbox and Connective News. In the meantime, if you have any questions or concerns, talk with your local Compliance Support Manager. To get in touch, simply click your help icon in Mercury. We’re happy to assist.
*Info sources: Deloitte Digital Research, July 2018: Restoring Trust in Financial Services in the Digital Era; ASIC Report 555: Cyber resilience of firms in Australia’s Financial Markets, November 2017.