iscoverThe ATO has encouraged tax practices to look into their cyber-security measures as a key priority moving forward, noting they’re among the most at risk of falling victim to data breaches.
Data breach response plan critical for tax practices: ATO
22 February 2022
•
5 minute read
In a recent update, the ATO flagged the importance of tax practices preparing for a cyber-security incident.
“Cyber criminals will often target tax practices because they hold large amounts of client information. That’s why it’s important to have a data breach response plan in place,” the ATO said.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
The ATO recommended employers look into guidance directed by the Office of the Australian Information Commissioner (OAIC) and ensure they have an appropriate data breach response plan in place that includes the following:
- Clear escalation procedures and reporting lines for suspected breaches
- Processes that outline when and how affected individuals are notified
- A record-keeping policy to ensure breaches are documented
- Strategies to identify and address any data-handling weaknesses that could have contributed to the breach
“You should regularly review and test your plan and make improvements as necessary,” the ATO flagged.
“A plan like this will help you act quickly and minimise harm in the unfortunate event that a data breach does occur.
“If you are governed by the Privacy Act 1988, you should also know your obligations under the Notifiable Data Breaches Scheme. This scheme requires regulated entities to notify the Office of the Australian Information Commissioner and specific individuals about any data breaches that are likely to result in serious harm.”
You need to be a member to post comments. Become a member for free today!
