Mandatory Data Breach Reporting begins from 22 February 2018
- you want to NOT be in the press for an NDB incident!
- Privacy Amendment (Notifiable Data Breaches) Bill 2016 passed Feb 13, 2017
Parts of this post are extracted from the OAIC site. We recognised the OAIC as the source of some of the info here.
The NDB scheme will strengthen the protections afforded to everyone’s personal information, and will improve transparency in the way that organisations respond to serious data breaches. This in turn supports consumer and community confidence that personal information is being respected and protected. It also gives individuals the opportunity to take steps to minimise the damage that can result from unauthorised use of their personal information.
The Important Bits
A Notifiable Data Breach is a data breach that is likely to result in serious harm to any of the individuals to whom the information relates.
A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure.
Examples of a data breach include when:
- a device containing customers’ personal information is lost or stolen
- a database containing personal information is hacked
- personal information is mistakenly provided to the wrong person.
Quick Steps or Action Items:
We recommend that all organisations review their practices, procedures and systems for securing personal information in preparation for the scheme.
The OAIC has a comprehensive Guide to securing personal information to assist you with this.
We also recommend you work with us to position your business. We recommend any portable devices should be encrypted and all cloud data should be secured by 2FA in addition to your passwords. It’s a good idea to regularly change passwords and compile a registrar of who has access to what data and have an action plan to implement in the event you have a breach.
Special Note for those dealing with the UK or EU Citizens:
The EU General Data Protection Regulation (GDPR) is some the most important data privacy regulation in 20 years.
It takes effect 25 May 2018.