Julian Plummer, managing director of Kamino Cyber Security and Midwinter Financial Services said that the Australian data notification laws which are set to receive royal assent in February will also affect offshore administrators or service providers used by Australian firms.
The recently introduced laws specify that all businesses with an annual turnover of $3 million or higher will be required to notify individuals and the regulator (OAIC) when cyber security incidents compromise personal information, Mr Plummer explained. You can learn more about the new laws and how they apply to you here.
Firms dealing with high-net-worth clients, like SMSF clients, should be particularly wary.
“Any SMSF firms that are using offshore administrators or service providers must also study the obligations closely as the mandatory data breach legislation also impacts overseas located service providers,” he said.
“So if you've got an SMSF administrator located overseas, and you're offshoring that work, and they get hit by a data breach, you will have to report on behalf of them. That's something that SMSF advisers may not be aware of.”
Mr Plummer said SMSF firms here in Australia that outsource work to offshore firms should ensure they have robust security processes in place.
“There are advantages to dealing with companies that are located in Australia as they are obliged to obey Australian laws, but generally there are ways to ensure that your partners have security front of mind, and that's to ensure that they have ISO security certification and that information is generally pretty easy to get,” he said.
Miranda Brownlee is the deputy editor of SMSF Adviser, which is the leading source of news, strategy and educational content for professionals working in the SMSF sector.
Since joining the team in 2014, Miranda has been responsible for breaking some of the biggest superannuation stories in Australia and has reported extensively on technical strategy and legislative updates. Miranda has also directed SMSF Adviser's print publication for several years.
Miranda also has broad business and financial services reporting experience, having written for titles including Investor Daily, ifa and Accountants Daily.