micenet June 2018
Mr Crouch says over the past
18 months, he has
witnessed a spate of data
breach issues affecting
several of his clients, both large and small –
and in very diverse industries.
He says those operating businesses in the
meetings and events sector are particularly at
risk because they typically handle large
quantities of data concerning the individuals
who attend events and also because they are
dealing with a huge range of suppliers who
work as a “middle-man” for the businesses’
“Commonly, data breach occurs where a
computer hacker invades your IT system,
including your email account or cloud-stored
database, for the purpose of perpetrating
some kind of fraud – on you, your customers
or suppliers,” Mr Crouch explains.
“One of the most common scams is the
‘fake invoice caper’. The hacker breaks and
enters your IT system - remotely of course,
often by working out your password. He
views the emails stored on your computer
and makes a realistic copy of your email in
terms of its look-and-feel.
“Then, he sends an email to one of your
customers, perhaps with a dummy invoice
(also realistically copied from your computer)
for services provided, but requesting
payment to a bank account number that, of
course, is controlled by the hacker himself.
Sometimes the customer does not notice that the email is not from your usual email address –
and sometimes the client proceeds to pay the invoice to the (fraudster’s) bank account.”
Mr Crouch says the other concern is that when a hacker hacks into your computer and
accesses your email account and database, he may gain access to business data that you and
your customers would not want to be leaked.
“In addition, the hacker may gain access to the personal information of many (perhaps
thousands) of individuals whose information you have collected in order, for example, to register
for the conference or event that you or your client is hosting. When hacking occurs, you may
not be able to determine what information has been accessed.
“When business information is hacked, that is of course a real concern and provisions in your
contracts with clients and suppliers may be triggered. Contracts often require service providers
(such as event managers and PCOs) to maintain security of confidential information and prevent
“Some contracts make this obligation an ‘absolute’ obligation so that, even if you have
sophisticated security measures, when confidential information is hacked, you are nevertheless
in breach of the contract. A breach of confidentiality (even one that is the result of criminal
activity by a fraudster/hacker) will often entitle your client to terminate and sue you for loss.”
Mr Crouch says this highlights the need for good contracts, and warns business event
companies that they should always avoid making confidentiality and data security promises in
their contracts that could be interpreted as ‘absolute’ “because such promises expose your
business to liability even where the fault lies with a criminal hacker”.
“From what the experts have told me, there is no IT security system that is foolproof or 100
per cent secure – so at most, you should promise only that you will take reasonable steps in the
circumstances to keep data secure. A small PCO should not, for example, be required to
spend millions on security measures that would keep a CIA operative at bay!
“You should try to structure your confidentiality and data security obligations so that if you are
hacked and your customer suffers a loss, you are not liable unless you have been reckless or at
least negligent in your handling and storage of the data.”
He suggests planners also investigate the possibility of cyber-risk insurance.
“When a hacker gains unauthorised access to personal information of others stored in your
IT system, this will now be a privacy issue. The Commonwealth Privacy Act contains new
laws concerning data breach that impose obligations on the victims of hacking – which we will
delve into next time.”
In the wake of Facebook’s security leak, resident legal writer,
Matt Crouch, says data breach issues are by no means
confined to big social media platforms.
DATA BREACH WARNING
NEWS | BRAD FOSTER