Businesses are being urged to prepare for law changes on cyber security that could have a big impact on them.
The changes to the Privacy Act come into force on December 1st, and it's got big implications for businesses.
The Government’s changes means that individuals or groups can take class action against organisations that have failed in their duty to safeguard data, and could be awarded up to $350,000.
Peter Bailey, the general manager at Aura Information Security, says their company has done a survey and found only 50 percent of businesses aren't aware the change is coming.
He told Heather du Plessis-Allan that businesses need to know that if they are holding customer data in their database, they are responsible for that.
"If there is a breach and a hacker gets in and takes the information, they have to inform both the Privacy Commissioner and the people who have been affected."
If they fail to inform and its discovered, then they can receive a fine of around $10,000 and a notation to explain themselves, he says.
As the class action fine is per person, Bailey says it could be very expensive for the business.
Bailey says that businesses need to show due diligence in protecting data, and have to make an effort to protect the information.
"If you can show that you are looking after the information properly and a breach has still occurred, then your not going to be hold liable for it."