Mandatory Data Breach Notification Australia. What You Must Know.

In 2018, mandatory laws commence in Australia regarding data breach notifications. Are you prepared for these changes? Almost 50% of Australian small businesses are ill-prepared or unaware of how these changes will impact their business.

A study by HP found that only 18% of small businesses had a compliance policy and nearly 60% had not undertaken an IT security risk assessment in the last 12 months. In fact, less than 50% of businesses had a security policy in place for employees who bring their own devices to work.

Get the facts you need to know about the Mandatory Data Breaches Notification (NDB) scheme. Find out what it means, how it works and how you can safeguard your business from costly fines.

What is the Notifiable Data Breaches Scheme?

The Notifiable Data Breaches Scheme is a long overdue amendment to Australia’s Privacy Act. The scheme has taken over five years to pass through parliament and brings Australia in line with other parts of the world, including the EU, the UK, Japan and nearly all US states. The scheme is part of The Australian Privacy Amendment (Notifiable Data Breaches) Act 2017 and is the latest amendment to the Privacy Act 1988.

The scheme strengthens the protection of personal information and improves the transparency of data breaches, in the public and private sector. It also gives individuals the opportunity to minimise the damage that results from the unauthorised use of their personal information. Organisations that are not exempt must notify the OAIC and individuals impacted by the breach.

When does the scheme commence?

The scheme will take effect on February 22, 2018.

What is a notifiable data breach?

A data breach occurs when personally identifiable information is accessed, downloaded or viewed by someone who is not authorised to access this information. The Notifiable Data Breach Scheme applies to the disclosure of personal information that could cause serious harm to the person whose information has been disclosed.

Examples of a serious data breach include:

  • Stolen credit card details from a website’s database.
  • Confidential health records accessed by an unauthorised party.
  • Personal photos, chat history, employee records or customer’s financial data.

The harm that occurs includes:

  • Identity theft
  • Financial loss
  • Threat to physical safety and emotional wellbeing
  • Damage to reputation or relationships
  • Workplace bullying and humiliation

An organisation must give notification if it has reasonable grounds to believe that this type of data breach has occurred.

How is serious harm measured?

Under the scheme, serious harm is assessed according to the type and sensitivity of the information, whether it was protected (e.g. by encryption and access controls), and the people who accessed the information. The objective test assesses what is reasonable on an individual basis. The scheme uses the phrase ‘eligible data breach’ to show that not all breaches require reporting. If an organisation has taken reasonable steps to mitigate the breach, then notification may not be required.

Who must comply with the Mandatory Data Breach Notification laws?

Although protecting the personal information of your customers and stakeholders is imperative to the success of your organisation, the NDB scheme applies to the following entities:

  • Australian public sector agencies.
  • Australian organisations, businesses and not-for-profits with an annual turnover over $3 million.
  • Private sector health service providers.
  • Some small businesses and non-government organisations.
  • Entities that trade in personal information, e.g. marketing research companies.
  • Agencies and organisations covered by the Privacy Act.

What do you need to do?

Australian businesses that are not proactive in protecting their customers’ and stakeholders’ data have been given an overdue push to undertake a security audit for their business.
The audit should include:

  • How and why your company collects personal information.
  • How you are storing and managing personal information.
  • Your plan for responding to privacy breaches.

What do you need to do if a notifiable breach occurs?

Within 30 days of a suspected breach, you must notify all individuals who have been affected by the breach and the OAIC.

What are the penalties for not complying with the scheme?

  • Company fines up to $1.8 million
  • Individual fines up to $360,000

What are the benefits of complying with the scheme?

A data breach is a serious breach of your customers’ and stakeholders’ trust and can negatively impact the relationship you have with them. It may take years for a customer to trust your business again, or they may switch to your competitor. Compliance with the scheme ensures that you are following best practices and that your employees understand the different types of threats and cyber security. You will protect your business from hackers and malicious agents while building trust with the community.

Is your business prepared for the Notifiable Data Breaches Scheme?

The Notifiable Data Breach Scheme starts on February 22nd, 2018. Is your organisation ready? Book your security audit and find out how you can protect your business from a costly data breach.

Book your security audit today. Don’t delay! Time is running out.
