Super advisers falter on data compliance as guidance lacks
Industry surveying continues to find superannuation advice professionals are ill-prepared for new data laws now in force, which may be due to a lack of guidance from the regulators.
More research has surfaced which indicates the superannuation and advice community has not appropriately structured data security practices to comply with the Data Breach Notification Laws which came into effect on 22 February.
Surveying by Kamino Cyber Security shows 32 per cent of respondents were aware of the laws in October last year, and the remaining 68 per cent were either completely unaware or only somewhat aware.
This survey was conducted across metropolitan and regional centres nationwide to 69 practices. Although a small sample size, it is consistent with other bodies of research, including from Telstra and the Australian Small Business and Family Enterprise Ombudsman.
“Small businesses can’t afford not to understand what the new laws mean to them, and... 44 per cent of Australian businesses are not fully prepared,” said ombudsman Kate Carnell.
“Another report by Telstra last year found 33 per cent of small businesses don’t take proactive measures to protect against cyber breaches,” she said.
Regulators like the Tax Practitioners Board (TPB) have warned the tax and BAS agent community that failure to comply with the new laws may be considered a breach of the Code of Professional Conduct.
However, senior tax adviser at the Institute of Public Accountants (IPA), Tony Greco, believes accountants should be handed more guidance from government before major cautions are issued.
“Accountants need to be told, in black and white, what is reasonable and what they need to do,” Mr Greco told SMSF Adviser.
“The penalties are there for good reason, but our members need to be told how to avoid getting there in the first place,” he said.
Consistent with messaging from industry and the regulators, Mr Greco’s sense is that those captured by the laws are in “catch up mode” as they come to grips with the enormity of cyber security in practice management.
“Most people need to be aware that a cyber breach is now a case of when, not if,” Mr Greco said.