Continuous disclosure: new data breach example added to ASX Guidance Note 8

Articles Written by John Keeves (Partner)
Circuit board with micro chips

In response to market feedback, ASX has released a useful data breach example to be included in its Guidance Note 8 on Continuous Disclosure, which will take effect from 27 May.

Entities listed on ASX have obligations to make immediate disclosure of information material to investors, subject to limited exceptions, all of which require information to remain confidential.

The new example provides high-level guidance to ASX-listed entities on when disclosure may be required in connection with a data breach, and what might need to be disclosed. This type of decision requires consideration of the nature and extent of the data breach and confidentiality issues.

For example, while confidential consultation with regulators might not trigger disclosure, formal notification to the Office of the Australian Information Commissioner (OAIC) and affected individuals will mean that confidentiality is lost, and the disclosure obligation may be triggered.

The new example recognises that determining materiality will often be difficult, and unsurprisingly suggests that it may be prudent to make a release to ASX at the point of notification to OAIC and affected individuals, to ensure that continuous disclosure obligations are met.

The key trigger for disclosure is of course materiality, and this may be hard to judge in a quickly unfolding data breach response situation. The ASX suggests the possible use of a trading halt to provide time to prepare an appropriate announcement. That said, the fact that a situation is developing and all facts not yet known is not a reason to delay disclosure of what is known.

While the ASX’s new guidance is useful and appreciated, and will repay careful study, disclosure decisions around significant data breaches require careful consideration having regard to the particular circumstances.

The legal responsibilities of senior executives and non-executive directors in relation to data breaches is an area that warrants close attention in the current environment. ASIC has indicated the potential for enforcement action if directors and officers fail to take reasonable steps to prepare for the almost inevitable data breach.

Statements to ASX concerning data breaches (and other public statements) are a critical part of an entity’s response to a data breach, and senior executives and boards will be well served by having comprehensive response plans in place, and regularly testing them.

Important Disclaimer: The material contained in this article is comment of a general nature only and is not and nor is it intended to be advice on any specific professional matter. In that the effectiveness or accuracy of any professional advice depends upon the particular circumstances of each case, neither the firm nor any individual author accepts any responsibility whatsoever for any acts or omissions resulting from reliance upon the content of any articles. Before acting on the basis of any material contained in this publication, we recommend that you consult your professional adviser. Liability limited by a scheme approved under Professional Standards Legislation (Australia-wide except in Tasmania).

Related insights Read more insight

JWS appoints Isaac Evans, further deepening the firm’s corporate advisory, M&A, ECM and PE expertise

Leading independent Australian law firm Johnson Winter Slattery (JWS) has appointed Isaac Evans as a Special Counsel in its Corporate team. Isaac is based in Brisbane and joins JWS from Baker...

Mandatory climate-related financial disclosure bill introduced

Legislation for Australia’s mandatory climate-related financial disclosure (CRFD) regime was introduced into Parliament on the last sitting day before Easter. This is the next step in a process...

Above Board: Board Advisory and Governance Update – Autumn 2024

Our quarterly update covers recent developments in the governance space, including the Closing Loopholes No.2 amendments to the Fair Work Act, amendments to the foreign bribery laws, the release of...