You have a legal obligation to protect sensitive information you hold about employees or customers.
In February 2018, the Office of the Australian Information Commissioner (OAIC) Notifiable Data Breaches (NDB) scheme came into effect. You can learn more about the NDB scheme on the OAIC website.
In summary, this scheme requires certain businesses in Australia to notify individuals whose personal information is involved in a data breach that is likely to result in “serious harm”, as soon as is practicable after becoming aware of a breach.
Businesses that must adhere to the NDB scheme include:
- businesses and not-for-profit organisations that have an annual turnover of more than AU$3 million
- private sector health service providers
- entities that trade in personal information
- tax file number (TFN) recipients.
What is a data breach?
A data breach occurs when personal information an organisation or agency holds is lost or subjected to unauthorised access or disclosure. For example, when:
- a device with a customer’s personal information is lost or stolen
- a database with personal information is hacked
- personal information is mistakenly given to the wrong person.
A business that experiences a breach must report it to the Office of the Australian Information Commissioner (OAIC) if it falls within the NDB scheme criteria.
The Australian Government takes the privacy and security of Australians' personal information very seriously.
Beyond the regulatory consequences, the financial, reputational and legal fallout from a data breach can have serious long-term ramifications for a business.
It is crucial that every business takes an active role in protecting the sensitive and personal information it holds about its customers.
Have you experienced a data breach?
We can help with the remediation. Get in touch now.
** Update ** New fines announced in the wake of the Optus data breach
The maximum penalty for serious or repeated interferences with privacy is now the greater of:
- AU$50 million;
- three times the value of any benefit obtained through the misuse of information; or
- 30 per cent of the company's adjusted turnover in the relevant period.
Key statistics about Notifiable Data Breaches from the Office of the Australian Information Commissioner
These are the guys who get involved when an organisation has a data breach (we imagine Optus and Medicare are keeping them quite busy at the moment!)
OAIC statistics (the percentage figures did not survive on this page): the share of data breaches that were the result of malicious or criminal attacks, and the share of breaches that were caused by human error.