Julian Plummer, managing director of Kamino Cyber Security and Midwinter Financial Services, said that the Australian data notification laws, which are set to receive royal assent in February, will also affect offshore administrators or service providers used by Australian firms.
The recently introduced laws specify that all businesses with an annual turnover of $3 million or higher will be required to notify individuals and the regulator (OAIC) when cyber security incidents compromise personal information, Mr Plummer explained.
Mr Plummer used the common example of an SMSF firm that ships its administration services overseas.
“Any SMSF firms that are using offshore administrators or service providers must also study the obligations closely as the mandatory data breach legislation also impacts overseas-located service providers,” he said.
“So if you've got an SMSF administrator located overseas, and you're offshoring that work, and they get hit by a data breach, you will have to report on behalf of them. That's something that SMSF advisers may not be aware of.”