On Thursday 22 February 2018, the Notifiable Data Breach Scheme (NDBS) will come into effect. This will affect organisations that are already covered by the Privacy Act, businesses with a turnover greater than $3 million, health service providers, entities that collect personal information and credit reporting bodies.
The NDBS requires these businesses and organisations to report eligible data breaches to the Office of the Australian Information Commissioner (OAIC) as well as affected individuals.
The scheme requires affected businesses to take reasonable steps to ensure the security of personal information including but not limited to:
- sensitive information such as about an individual’s health
- documents commonly used for identity fraud (including Medicare card, drivers licence and passport details)
- financial information
To prepare for the NDBS, we suggest the following three steps:
- Assess any security risks in your organisation.
- Put strategies in place to minimise these risks.
- Prepare a data breach response plan if you identify any suspected breaches.
CyberGuru can help your organisation address these through review and improvement of your computer systems, as well as implementation of training and education to staff, contractors, and ongoing support and advice on how to manage these. Please contact us for more information.
For further information regarding the NDBS can be found on the Office of the Australian Information Commissioner (OAIC) (link opens in new window) website.