Understanding the Notifiable Data Breach Scheme and how it affects your Business
The Australian Government established the ‘Notifiable Data Breach’ (NDB) scheme, to ensure that affected individuals are notified about serious data breaches.
The NDB scheme applies to all businesses, government agencies and other organisations covered by the Australian Privacy Act 1988 (Privacy Act) and commenced on 22 February 2018.
What is a data breach?
A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference.
Examples of a data breach include when:
- a device containing customers personal information is lost or stolen
- a database containing personal information is hacked
- personal information is mistakenly provided to the wrong person.
What is a Notifiable Data Breach?
A Notifiable Data Breach is a data breach that is likely to result in serious harm to any of the individuals to whom the information relates.
The NDB scheme requires organisations to notify any individuals affected by these serious data breaches.
This notice must include recommendations about the steps that individuals should take in response to a serious data breach. The OAIC must also be notified or you are at risk of receiving a large fine for not doing so.
Organisations will need to be prepared to conduct quick assessments of suspected data breaches to determine if they are likely to result in serious harm.
Why is the NDB scheme important?
The NDB scheme will strengthen the protections afforded to everyone’s personal information, and will improve transparency in the way that business and agencies respond to serious data breaches.
This in turn supports consumer and community confidence that personal information is being respected and protected.
It also gives individuals the opportunity to take steps to minimise the damage that can result from unauthorised use of their personal information.
How will PCSOFT assist me to prepare for the NDB scheme?
PCSOFT can help to develop practical guidance on complying with the NDB scheme.
Our NDB guidance will focus on key changes to current best practice, including the threshold for notifying a serious data breach, and assessing suspected data breaches. Our guidance will also clarify the OAIC’s regulatory role in the NDB scheme.
There will also be a series of consultation events on the NDB scheme held in Australian capital cities through the Privacy Professionals' Network.
The best course of action is to read through the law here, and then call PCSOFT on 02 98730080 to see how our technology professionals can help you structure your network and data security policies to adhere to even the most stringent security mandates.