Companies must take seriously the new reforms and update their security processes or risk being heavily penalised by the Privacy Commissioner in the case of a privacy breach. Security policies, practices and resources must be carefully considered and, where necessary, amended or reallocated to ensure the greatest protection possible.