Did you know that on 22 February 2018, the Australian Government is introducing the Notifiable Data Breach (NBD) Scheme? The scheme requires organisations covered by the Australian Privacy Act 1988 to notify any individuals likely to be at risk of serious harm by a data breach.
What does this mean for you?
Essentially any organisation storing customers’ personal information will be required to show certain measures have been established to protect and secure personal information. Failure to implement a data breach response plan and to show that appropriate steps have been taken in the event of a breach, could result in heavy fines and a potential inquest by the Australian Information Commission.
The Office of Australian Information Commissioner (OAIC) expects organisations to take proactive steps including, but not limited to, the following:
- Reviewing current processes, policies and procedures regarding the identification, management, notification and rectification of data breaches;
- Reviewing current privacy and information security processes and documented procedures to meet current information security obligations including data transmission processes;
- Reviewing current privacy, security and cyber-security provisions in contracts with key stakeholders including outsourced service providers, business partners;
- Ensuring that they have an adequate data breach response plan to incorporate the requirements of the new NDB scheme including the assessment of an ‘eligible data breach” for “likely risk of serious harm” and a process to decide whether or not notification to the impacted individuals and/or the OAIC is required; and
- Rolling out specific staff training and communications on the new obligations.
If you need assistance creating a data breach response plan and assistance illustrating and documenting a process in the event of a breach, Adept IT Solutions are more than happy to assist. Simply contact us on email@example.com and one of our friendly compliance specialists will assist you further.