Mandatory Data Breach Notification Australia. What You Must Know.

In 2018, mandatory laws commence in Australia regarding data breach notifications. Are you prepared for these changes? Almost 50% of Australian small businesses are ill-prepared or unaware of how these changes will impact their business.

A study by HP found that only 18% of small businesses had a compliance policy and nearly 60% had not undertaken an IT security risk assessment in the last 12 months. In fact, less than 50% of businesses had a security policy in place for employees who bring their own devices to work.

Get the facts you need to know about the Mandatory Data Breaches Notification (NDB) scheme. Find out what it means, how it works and how you can safeguard your business from costly fines.

What is the Notifiable Data Breaches Scheme?

The Notifiable Data Breaches Scheme is a long overdue amendment to Australia’s Privacy Act. The scheme has taken over five years to pass through parliament and brings Australia in line with other parts of the world, including the EU, the UK, Japan and nearly all US states. The scheme is part of The Australian Privacy Amendment (Notifiable Data Breaches) Act 2017 and is the latest amendment to the Privacy Act 1988.

The scheme strengthens the protection of personal information and improves the transparency of data breaches in the public and private sectors. It also gives individuals the opportunity to minimise the damage that results from the unauthorised use of their personal information. Organisations that are not exempt must notify the OAIC and the individuals impacted by the breach.

When does the scheme commence?

The scheme will take effect on February 22, 2018.

What is a notifiable data breach?

A data breach occurs when personally identifiable information is accessed, downloaded or viewed by someone who is not authorised to access this information. The Notifiable Data Breach Scheme applies to the disclosure of personal information that could cause serious harm to the person whose information has been disclosed.

Examples of a serious data breach include:

  • Stolen credit card details from a website’s database.
  • Confidential health records accessed by an unauthorised party.
  • Personal photos, chat history, employee records or customers’ financial data.

The harm that occurs includes:

  • Identity theft
  • Financial loss
  • Threat to physical safety and emotional wellbeing
  • Damage to reputation or relationships
  • Workplace bullying and humiliation

An organisation must give notification if it has reasonable grounds to believe that this type of data breach has occurred.

How is serious harm measured?

Under the scheme, serious harm is assessed according to the type and sensitivity of the information, whether it was protected (e.g. by encryption and access controls), and the people who accessed the information. The objective test assesses what is reasonable on an individual basis. The scheme uses the phrase ‘eligible data breach’ to show that not all breaches require reporting. If an organisation has taken reasonable steps to mitigate the breach, then notification may not be required.

Who must comply with the Mandatory Data Breach Notification laws?

Although protecting the personal information of your customers and stakeholders is imperative to the success of your organisation, the NDB scheme applies to the following entities:

  • Australian public sector agencies.
  • Australian organisations, businesses and not-for-profits with an annual turnover over $3 million.
  • Private sector health service providers.
  • Some small businesses and non-government organisations.
  • Entities that trade in personal information, e.g. marketing research companies.
  • Agencies and organisations covered by the Privacy Act.

To find out whether the NDB scheme applies to your organisation, click here.

What do you need to do?

Australian businesses that are not proactive in protecting their customers’ and stakeholders’ data have been given an overdue push to undertake a security audit for their business.
The audit should include:

  • How and why your company collects personal information.
  • How you are storing and managing personal information.
  • Your plan for responding to privacy breaches.

What do you need to do if a notifiable breach occurs?

Within 30 days of a suspected breach, you must notify all individuals who have been affected by the breach and the OAIC.

What are the penalties for not complying with the scheme?

  • Company fines up to $1.8 million
  • Individual fines up to $360,000

What are the benefits of complying with the scheme?

A data breach is a serious breach of your customers’ and stakeholders’ trust and can negatively impact the relationship you have with them. It may take years for a customer to trust your business again, or they may switch to your competitor. Compliance with the scheme ensures that you are following best practices and your employees understand the different types of threats and cyber security. You will protect your business from hackers and malicious agents while building trust with the community.

Is your business prepared for the Notifiable Data Breaches Scheme?

The Notifiable Data Breach Scheme starts on February 22nd, 2018. Is your organisation ready? Book your security audit and find out how you can protect your business from a costly data breach.

Book your security audit today. Don’t delay! Time is running out.
