The Notifiable Data Breaches Scheme (NDB) will commence in February 2018. Enacted through the Privacy Act 1988 (Cth), it requires organisations to notify individuals and the Office of the Australian Information Commissioner (OAIC) if a data breach is likely to cause serious harm.

A data breach is defined by a two-stage test:

  1. Firstly, it must include unauthorised access to personal information, for example by hacking, loss of an electronic device or mistakenly sent email; and
  2. the access will likely result in serious harm to any individuals to whom the information relates.

Once it is determined that a data breach has occurred, it will be assessed to determine if it can cause serious harm. While there is a non-exhaustive list of relevant matters, each breach should be assessed on a case-by-case basis.

Not all breaches will require you to notify the affected persons, for example, if you are able to recover the information and confirm it has not been properly viewed. If, however, it is a notifiable breach, you must make a statement to the OAIC as well as inform all individuals affected (either directly or by public notice).

Hume Taylor & Co can assist you in putting a response framework in place or meeting your compliance obligations in the case of a data breach. Call us on 8223 3199 to make an appointment today.