Are you ready for the Notifiable Data Breach Scheme?


On Thursday 22 February 2018, the Notifiable Data Breach Scheme (NDBS) will come into effect. This will affect organisations that are already covered by the Privacy Act, businesses with a turnover greater than $3 million, health service providers, entities that collect personal information and credit reporting bodies.

The NDBS requires these businesses and organisations to report eligible data breaches to the Office of the Australian Information Commissioner (OAIC) as well as affected individuals.

The scheme requires affected businesses to take reasonable steps to ensure the security of personal information including but not limited to:

  • sensitive information, such as information about an individual’s health
  • documents commonly used for identity fraud (including Medicare card, driver’s licence and passport details)
  • financial information

To prepare for the NDBS, we suggest the following three steps:

  1. Assess any security risks in your organisation.
  2. Put strategies in place to minimise these risks.
  3. Prepare a data breach response plan if you identify any suspected breaches.

CyberGuru can help your organisation address these through review and improvement of your computer systems, training and education for staff and contractors, and ongoing support and advice on how to manage these. Please contact us for more information.

Further information regarding the NDBS can be found on the Office of the Australian Information Commissioner (OAIC) website.

What is domain privacy and do I need it?


When you register a .com or .net domain name, your personal contact information such as name, email address and phone number is stored in a publicly accessible database known as WHOIS.

As a result, it is possible for spammers to review the WHOIS database and attempt to contact you. This can include fictitious renewal notifications, offers for website or search engine optimisation reviews or general unsolicited emails.

To prevent this, you can purchase a Domain Privacy product when you purchase your domain name. Domain Privacy prevents unauthorised visitors from viewing your personal information, while allowing access to the necessary people so that official communications such as renewal notices from your service provider can be sent to you.

Australian domain names have different policies and include a higher level of protection of personal information. Only the registrant entity, contact names and email address details are available to the public from the .au WHOIS.

You can add Domain Privacy to your website through your domain name registrar. If your domain name registrar doesn’t provide this service, we can transfer your domain name to our servers and offer this to you.
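To confirm what your domain's public WHOIS record still shows, before or after adding Domain Privacy, the following added example (not CyberGuru's code) scans WHOIS output for contact fields that are not masked. The sample records, the "Role Field: value" layout and the list of masking strings are assumptions constructed for illustration.

```python
import re

# Strings that privacy/proxy services commonly put in place of real contact
# data. Assumed list for this example; extend it for your own registrar.
PRIVACY_MARKERS = ("redacted", "privacy", "proxy", "not disclosed")

# Contact lines in the common "Role Field: value" WHOIS layout (assumed).
CONTACT_LINE = re.compile(
    r"^[ \t]*(Registrant|Admin|Tech) (Name|Street|Phone|Email):[ \t]*(.*?)[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)

def exposed_contact_fields(whois_text):
    """Return (field, value) pairs that still show unmasked contact data."""
    exposed = []
    for role, field, value in CONTACT_LINE.findall(whois_text):
        value = value.strip()
        if not value:
            continue  # empty field: nothing is published
        if any(marker in value.lower() for marker in PRIVACY_MARKERS):
            continue  # masked by a privacy or proxy service
        exposed.append((f"{role.title()} {field.title()}", value))
    return exposed

# Constructed sample: a record registered without Domain Privacy.
SAMPLE_PUBLIC = """\
Domain Name: EXAMPLE.COM
Registrant Name: Jane Citizen
Registrant Street: 1 Sample Street
Registrant Phone: +61.255550100
Registrant Email: jane@example.com
Admin Name: Jane Citizen
Admin Email: jane@example.com
"""

# Constructed sample: the same record with a privacy service in place.
SAMPLE_PRIVATE = """\
Domain Name: EXAMPLE.COM
Registrant Name: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant Phone: REDACTED FOR PRIVACY
Registrant Email: proxy-12345@privacy.example.net
Admin Name: Domain Privacy Service
Admin Email: proxy-12345@privacy.example.net
"""

if __name__ == "__main__":
    for field, value in exposed_contact_fields(SAMPLE_PUBLIC):
        print(f"EXPOSED  {field}: {value}")
```

Paste the output of a WHOIS lookup for your own domain in place of the sample text; an empty result means none of the checked fields show unmasked details.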

If you would like more information on Domain Privacy, please contact us.