March 31, 2016

Digital Security and the Australian Consumer Law

Digital security is a hot topic in the news right now. From celebrities to nation states, everybody has data they’d like to keep private. For software providers, that means having up-to-date security measures.

In Australia, software providers need to adhere to the Australian Consumer Law (ACL), which applies to all suppliers of goods and services to customers in Australia.

Privacy Law

Australian law requires businesses to secure the personal information of their clients and customers. Businesses must also protect this information from being lost, misused, or given away.

If your business collects clients’ personal information, you are required to take reasonable steps to secure it. Unfortunately, Australian privacy law is rather broad when defining ‘reasonable steps’. Nevertheless, here’s a list of things you should consider:

• whether you collect very, very personal information – known as ‘sensitive information’;
• whether there could be negative consequences if the information is breached;
• the size and quantity of the information;
• the time and cost involved in implementing security measures; and
• whether a security measure itself is invasive.

Australian Consumer Law

The ACL requires that software:

• achieves the desired results of the client;
• is ‘fit for purpose’ and consistent with the client’s desires; and
• is delivered with appropriate care and adequate skill.

Remember that some requirements of the ACL are binding no matter what. These requirements are known as ‘guarantees’. You can read more about them here.

Fit for Purpose?

As with ‘reasonable steps’ under privacy law, the ACL defines ‘fit for purpose’ quite broadly.

For example, if a client fails to ask for certain security measures (and you don’t provide them), you could be in breach of the ACL.

The test is whether a reasonable person in the client’s position would require or expect those security measures to be put in place.

Conclusion

If your software does not have adequate security measures, you could be in breach of both Australian privacy law and consumer law.

Contact our Technology Team to make sure your services are up to industry standard.