




What you need to know about the new data breach legislation. Are you ready?

February 21, 2018

The Australian Government’s Notifiable Data Breach (NDB) legislation comes into effect today (February 22, 2018) and we are imploring RCSA members to ensure they are compliant.


Under the legislation, a large number of Australian businesses will now be required by law to notify the Office of the Australian Information Commissioner if they suspect or know of any breach of their IT systems allowing illegal and unauthorised access to the personal information of those on their databases.


Breaches must be reported within 30 days of a business becoming aware of a possible breach.




While this legislation applies to businesses with an annual turnover of more than $3 million, RCSA members will likely still need to be legally compliant because of the sheer volume of personal data we collect.


“Despite the ‘small business exemption’ in the Privacy Act, we are taking the view that most RCSA members will be covered because they trade in the supply of personal information,” RCSA's legal advisor Andrew Wood Hon FRCSA (Life) said.


The RCSA Members’ Code of Conduct requires all members to take reasonable steps to maintain the privacy of information obtained in the course of their professional practice, regardless of whether there is any legal obligation to do so or not.


Under the NDB scheme, a breach occurs where personal data has been accessed in a way that may put individuals at risk of becoming victims of crimes such as identity theft.


In order to be compliant – and to ensure the data of clients and candidates is not breached – we recommend members conduct a full audit of their cyber-security if they have not already done so.


Since June 2017, our Corporate Members have had access to the RCSA privacy policy template and this has a provision for information about your Notifiable Data Breach (NDB) plan.


“There is no one-size-fits-all solution [to cyber-security],” Mr Wood said. “However, the OAIC’s Guide to Developing a Data Breach Response Plan should put you on the right track and contains a useful Data Breach Response Plan Quick Checklist.”


Mark Laudrum, Director of RCSA Insurance, reported that more than 50 per cent of their clients are “actively purchasing cyber insurance to support them for if and when their data is breached”.


“Training and education are the best ways of minimising an agency’s risk of cyber-attack,” Laudrum explained. “The majority of data breaches occur through human error or lack of education about the best firewalls and data security technology, which can be easily breached when a team member opens a malicious file or website link.”


Laudrum warned that the sheer volume of personal data collected by recruitment agencies made them attractive targets for some criminals perpetrating ransomware attacks.