accountants daily logo

Slack record retention policies ‘expose firms to cyber crime’


Holding on to client data heightens the risk of theft and turns businesses into unwitting law-breakers, says record-keeping specialist.

By Philip King 10 minute read

Many businesses unwittingly break the law and expose customer information to cyber crime by keeping it far too long, says the body representing record-keeping professionals.

The Records and Information Management Practitioners Alliance (RIMPA) said businesses were left overwhelmed by layers of confusing legislation or simply uninformed and needed help knowing where to start.

RIMPA CEO Anne Cornish said data hoarding helped to fuel the rise in cyber crime so businesses needed to be across the rules.

“Most businesses would know that you should get rid of information after a period of time, depending on your industry,” she said. “But businesses are keeping all this information for far too long and getting hacked. It’s that information that goes out to the dark web and gets used.”

“Staying informed on the latest data protection legislation and taking your data management out of the too hard basket is absolutely pivotal as cyber attacks continue to escalate.”

Figures from the National Cyber Security Alliance revealed 60 per cent of small to medium companies were shut down within six months of a cyber attack while those that survived suffered from financial losses and brand damage.

She said RIMPA had purchased an online database, the Australian Records Retention Manual, which brought together all the relevant information. Originally established by private company Information Enterprises Australia in 2017, Ms Cornish said the database was unique in Australia but barely used with just a few dozen subscribers.

RIMPA planned to redesign the database, make it more accessible and had already hired a dedicated staff member to make real-time updates.

“This brings all legislation together into a database across Australia,” she said. “It’s all states and territories inclusive and federal as well. It allows you to plug in the record type that you’re looking at either keeping or destroying – it might be customer records for telecommunication companies – and up it pops and it tells you how long you have to keep it for.”

It database also highlighted relevant legislation and gave guidance on the security level to apply and how the documents should be destroyed.

Ms Cornish said the Australian Records Retention Manual would be launched in mid-August and was relevant to any business, big or small, that held customer information.

“It’s aimed at private industry so it’s not a government database. With the marketing and the market access that we have, we’ll be able to actually grow the subscriptions to that product.”

RIMPA hoped the database would drive expansion of its own membership base of about 3,500, which is currently about 70 per cent government and just 30 per cent business, but it would also market the product more widely with accountants a key target.

“Accountants are renowned for hanging on to everything because they think it’s the right thing to do, or not knowing. So it’s about being educated in what’s right, what’s wrong and being compliant.

“This database will act as a reliable source, equipping organisations with the knowledge needed to ensure compliance and avoid severe penalties associated with mishandling private information.”



You need to be a member to post comments. Become a member for free today!
Philip King

Philip King


Philip King is editor of Accountants Daily and SMSF Adviser, the leading sources of news, insight, and educational content for professionals in the accounting and SMSF sectors.

Philip joined the titles in March 2022 and brings extensive experience from a variety of roles at The Australian national broadsheet daily, most recently as motoring editor. His background also takes in spells on diverse consumer and trade magazines.

You can email Philip on: This email address is being protected from spambots. You need JavaScript enabled to view it.

You are not authorised to post comments.

Comments will undergo moderation before they get published.