Data breaches generally affect large businesses and organisations. The kind of information that’s released is usually:
- data that can identify particular individuals, known as personally identifiable information (PII)
- personal health information (PHI)
- trade secrets or intellectual property (IP)
- embarrassing information used to harm a brand or people.
Data breaches happen when information is:
- compromised or stolen
- released by accident
- accessed through bugs found in a computer system.
For businesses, this poses both a financial and reputational risk. It can mean that customers lose trust in the business or its brand, or see the business as being unethical. Regaining customer trust and implementing better security practices can be expensive.
For an individual, it could result in personal harm and loss. When private information about you becomes public, it can be used to commit identity theft or fraud. It can even be used to embarrass or blackmail you.
Preventing a data breach
Data breaches are easier to avoid than they are to fix. Here’s what you can do to reduce the likelihood of a breach.
As a business:
- only collect information that you actually need from your customers. Be clear about why you need it
- develop a response plan for what to do if your business is affected by a data breach.
As an individual:
- don’t give out any personal information unless you know exactly who’s asking for it and why they want it. If you’re not sure, ask. Businesses have a responsibility to only collect the information they need from their customers.
If you’re affected by a data breach
Here are the steps to take when you’re dealing with a data breach.
If it’s happened to your business:
- disconnect the compromised system from the internet, but don’t turn it off. If you turn it off, you could lose evidence that will help you work out what happened
- reset the passwords for any compromised accounts
- be open and transparent with your customers. Immediately notify anyone who could be affected. Let them know:
  - what information was breached
  - what you’re doing to address the problem
  - how they can contact you if they have queries
  - when you’ve fixed the issue.
If you’re concerned that some of your personal information has been released through a data breach:
- contact the relevant business or organisation to see if the breach affects any of your accounts
- change the passwords for any accounts you think may be at risk
- get a free credit check done. This will let you see if any accounts have been opened in your name. There are three main credit check companies in NZ, and you’ll have to contact all of them. You can ask to have your credit record corrected if there’s any suspicious activity on it.
How to get a credit report in NZ
Report a data breach