
Securing your future: why cyber awareness is vital for NFPs and charities

By CCIWA Editor 

Cyber criminals do not discriminate. Recent cyber-attacks on some of the largest charities in Australia are timely reminders that the not-for-profit (NFP) sector is not immune. Regardless of its size, any NFP or charity can be subject to an attack at any moment.

Our Commercial Legal team offers tips and advice.

Cyber security awareness

October is Cyber Security Awareness Month and the theme for 2023 is “be cyber wise – don’t compromise”. Small actions can make a big difference. These include regularly updating your devices, using multi-factor authentication, backing up files and using passphrases.

The consequences of a cyber-attack can be significant and damaging for any NFP or charity, resulting in a loss of trust and reputation, costs to restore services, potential claims for damages from misuse of personal information, breaches and possible penalties for failing to comply with legal requirements. 

Data breach – a lesson learnt 

Earlier this year, Pareto Phone, a third-party tele-fundraising service provider for numerous Australian charities, was subject to a cyber-attack that led to charity donors’ personal information being released on the dark web.

Pareto Phone was found to have held data of some donors dating back to 2013 and 2014, without the charities’ knowledge. Charities affected included The Cancer Council, WWF Australia, Australian Conservation Foundation and Plan International Australia. The breach serves as a timely reminder that the digital landscape in which many charities and NFPs operate is constantly changing and evolving.

Turn your mind to data security

The Pareto Phone data breach has brought the issue of data retention to the forefront. Pareto Phone continued to hold the personal information of donors, even after the service contract had ended. Organisations need to constantly review and assess the data they are providing to third parties and the data they are holding, and ensure contract terms deal with data destruction after termination.

Privacy law reform has been the subject of recent government attention. In February 2023, the Attorney-General released the Privacy Act Review Report, which put forward 116 proposals for the reform of Australia’s privacy framework, aimed at clarifying the scope of the Privacy Act 1988 (Cth), uplifting protections for individuals, providing clarity to regulated entities and enhancing enforcement mechanisms. Of relevance was the appropriateness of the exemption from the Privacy Act that is currently applicable to small businesses with an annual turnover of up to $3 million.

Regardless of the changes yet to come, there may be a variety of reasons why an NFP needs to comply with the Privacy Act. These include provision of health services, relations to a larger body corporate or provision of services with the Australian Government. In any case, it is good practice for NFPs and charities to commit to good privacy practices. Doing so builds public and consumer confidence that the NFP or charity is taking positive steps to protect and responsibly handle the personal information it collects.

Action from boards

Although cyber security should be at the top of everyone’s priorities, the ultimate responsibility rests with the board or ‘responsible people’. The organisation’s board should check the current cyber security measures and ensure effective data governance practices are in place. A cyber-attack should be acknowledged as a matter of ‘when’ not ‘if’.

Boards should have visibility of potential risks, monitor these issues closely and ensure steps are in place to mitigate them. This includes:

  • developing and implementing a cyber strategy such as a data breach response plan; 
  • incorporating and assessing cyber risk within the risk register or risk management plan; 
  • preparing and implementing policies within the organisation such as data retention policies; and 
  • educating and training staff and management on being cyber aware.

It is incredibly important that boards start acting, not only to identify where the organisation's cyber security risk currently sits but also to set goals for becoming a resilient organisation.

Charities registered with the Australian Charities and Not-for-profits Commission (ACNC) are required to comply with the ACNC Governance Standards and should keep them in mind when handling, managing and storing people’s personal information along with any other legal obligations.  

If you have not started becoming cyber security and data protection aware, now is the time. Our Commercial Legal team can assist with introductory data protection and data breach incident response toolkits, as well as reviewing agreements, policies and procedures.  Please contact Cass Wright and Chantelle Mulla at [email protected] or call (08) 9365 7560 for further information. 
