Knowledge is Power - but where is your data?
The Latin aphorism, scientia potential est, meaning ‘knowledge is power’ was first written by Thomas Hobbes in his 1668 literary work, Leviathan. However, the phrase is more commonly attributed to Sir Francis Bacon who did write the expression ipsa scientia potestas est, meaning ‘knowledge itself is power’ in his publication titled Meditationes Sacrae in 1597. Hobbes, as a young man, was secretary to Bacon.
A cynic may suggest that Hobbs was a thief or at best, a plagiarist but likely, he was just using the language of the day and perhaps, with some poetic licence. The question of IP (intellectual property) would most likely not have risen too often in the 16th and 17th centuries.
Regardless of your take on the subject, I agree with the philosophy that knowledge is power.
In today’s world, knowledge is not just a matter of what you learn from an education perspective, it also relies on the data that supports it. Good, reliable data is a precious commodity so losing it, regardless of your knowledge, could make you powerless. And powerless, at an unfathomable cost.
Recently, the ATO issued an alert after being notified of data breaches because of criminals breaking into the premises of some tax practices in Western Sydney. The theft of taxpayer information held on site at these premises will most likely lead to tax related fraud and scams.
Keep in mind, these were physical thefts. Accounting practices like any other business, should already be protecting their data from cyberattacks and if not, they should be getting appropriate advice on cybersecurity. This is regardless of the size of the business or organisation. Recently, the Australian Securities and Investment Commission (ASIC) in Australia and the Reserve Bank of New Zealand were both subjects of cyberattacks. The potential loss of sensitive data is mindboggling.
These incidences are believed to be connected as both organisations are reliant on 20-year-old software provided by Californian based Accellion.
ASIC quickly responded by closing credit applications once they were alerted that one of their servers, containing documents including Australian credit licence information had been hacked. ASIC acknowledged that some documents may have been viewed but no credit applications or attachments had been opened or downloaded. The server in question was also closed as a precaution.
Changes were made to the Privacy Act 1988 which included additional powers for the Office of the Australian Information Commissioner (OAIC), and tougher penalties for misuse of personal information, which commenced in early 2020.
The Attorney-General identified that the Privacy Act required updating in response to the boom of online companies trading in personal data. The changes were made in recognition of the need to protect Australians (especially children) using the Internet.
Changes to the penalty regime included an increase of the maximum penalties for misuse of personal information by entities covered by the Privacy Act, from $2.1 million for serious or repeated breaches, to the greatest of:
· $10 million
· three times the value of any benefit obtained through the misuse of information
· 10% of a company’s annual domestic turnover
The updated penalties brought Australia more in line with the General Data Protection Regulation (GDPR) penalty regime in the UK.
Regardless of where your data, including sensitive records are kept, they must be secure. The case of the West Sydney burglaries for all accountants holding paper-based documents.
The ATO in issuing its alert on the matter provided a checklist for those businesses that have experienced such break-ins, which covers areas such as confirming previous employees have no building or computer access, securing portable devices such as laptops, password management, paper file management and security, secure record destruction and security systems and surveillance cameras.
The ATO urges accounting practices that have been broken into, to call 1800 467 033 to report the incident. They warn that depending on the risk associated with the incident if there is a loss of client data, they may withdraw access to the ATO systems while the breach is remediated. Accountants should also advise the Tax Practitioners Board as there may be implications for their registration under the Code of Conduct when a breach has occurred.
More advice for accountants on this subject can be found on the ATO website: Data breach guidance for tax professionals and Security advice for tax professionals
Yes, knowledge is power but don’t be disempowered by allowing your data to go missing.