The Australian Government has introduced new legislation to protect consumer privacy and personal information by requiring organisations to be transparent about data breaches. This is the latest amendment to the Australian Privacy Act 1988. It will be known as the Notifiable Data Breach (NDB) scheme and will come into effect on the 22nd February 2018.
Who does it affect, and how does it affect companies today?
It has been mandated that organisations must provide written notification of the accidental disclosure of personal information (PI). With organisations moving toward the cloud and mobile channels, the increased risk of information disclosure and fraudulent activity means organisations need to employ methods that enhance visibility into the use and outflow of PI throughout their organisation.
So who will this apply to?
What is deemed a data breach under the NDB scheme?
An organisation is only required to notify when a data breach is likely to result in serious harm to the individual to whom the information relates. There will be some exceptions, which means not all breaches would need to be notified to the individual or the Commissioner.
What is considered serious harm?
How to notify?
Prepare a statement and give a copy to the Commissioner as soon as you believe there is an eligible breach. It must have the following information:
This should be sent directly to the individuals involved. If this is not possible, the organisation must publish a statement on its website and take reasonable steps to publicise the contents of the statement.
Steps to take?
If you are concerned about this new legislation and how it may impact your business, now is the time to discuss it. Vizstone can work with your organisation to provide the right solution for your business, ensuring you have the correct technology in place.
For more information check out the following links.