New Data and Privacy Laws have started - are you compliant?!

The Notifiable Data Breaches scheme (NDB)

The NDB scheme applies from 22 February 2018 to all agencies and organisations that already have personal information security obligations under the Australian Privacy Act.

The scheme obliges agencies and organisations to notify individuals:

  • whose personal information is involved in a data breach
  • when the data breach is likely to result in serious harm

This notification must include recommendations about the steps individuals should take in response to the breach.

The Australian Information Commissioner (Commissioner) must also be notified of eligible data breaches.

Agencies and organisations can lodge their statement about an eligible data breach to the Commissioner through the Notifiable Data Breach statement 

Agencies and organisations must be prepared:

  • to conduct a quick assessment of a suspected data breach
  • to determine whether it is likely to result in serious harm, and
  • to determine whether that assessment means notification is required.

Which data breaches require notification?

An ‘eligible data breach’, which triggers notification obligations, is a data breach that is likely to result in serious harm to any of the individuals to whom the information relates.

A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure.

Examples of a data breach include when:

1. a device containing customers’ personal information is lost or stolen
2. a database containing personal information is hacked
3. personal information is mistakenly provided to the wrong person.

Who Must Comply?

Entities covered by the scheme include Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and TFN recipients, among others.

Prepare a data breach response plan!

Agencies and organisations should also prepare or update their data breach response plan so that they are able to respond quickly to suspected data breaches and conduct an assessment as required under the NDB scheme.

For more information go to:

The OAIC’s Data breach notification — A guide to handling personal information security breaches and Guide to developing a data breach response plan provide a best practice model you can use to inform your data breach response plan.

Amanda Karpeles

CEO

Raise DM Pty Ltd
