Case Study

Breach of data privacy

by James d'Apice
01 October 2015
Share: 

Client: ABC Accounting

(details of matter changed to protect client's identity)

Issue:

ABC Accounting operates an accounting practice.  It uses software that allows it to access ABC Accounting clients' data online.

Earlier this year, a third party obtained one of our client's passwords without authorisation. It seems likely that our client was the target of a phishing attack or that the unknown party used malware.

The hackers obtained names, dates of birth and tax file numbers of our client's clients' employees.  It seems the hackers planned to lodge fraudulent tax returns on behalf of our client's clients' employees and have those employees' tax refunds paid to an account controlled by the hackers.

Our role:

Our client found itself in a difficult position. It sought the assistance of its software provider to manage the security breach. However, obviously, it was possible that our client's software provider might have caused the security breach, and our client might have to consider proceeding against it.

As a professional service provider our client holds professional indemnity insurance. The implications of the security breach needed to be considered in the context of the relevant insurance policies.

As a tax agent, ABC Accounting had to turn its attention to disclosure of the security breach to the Australian Tax Office.

As an "APP entity" our client was and is required to comply with the Australian Privacy Principles. The regime governing these principles is new and, in some cases, unclear. Our client's obligations, and the potential risks that ran with them, needed to be considered.

Solution:

We offered our client advice on how best to manage the applicable risks under the APPs, its various insurance policies, its continuing relationship with its software provider, and its position with the ATO.

We were pleased to be of assistance to our client in minimising its risk.

ABC Accounting sought our advice on this issue due to our experience and expertise in the area of privacy and intellectual property. It instructs other lawyers in relation to its day-to-day dealings. We were delighted to provide ABC Accounting with the benefit of our knowledge.