The Notifiable Data Breach Scheme
What it is
The Notifiable Data Breach Scheme requires most Australian businesses that store data containing personally identifiable information to notify their customers and the Privacy Commissioner if that information is accessed by unauthorised parties, lost or hacked.
Why it’s important
You need to have a plan in place for identifying and reporting breaches to both your customers and the Privacy Commissioner if your business is required to do so under the scheme. Failure to comply will be "deemed to be an interference with the privacy of an individual" and will result in penalties, not to mention reputation damage beyond the breach itself.
What you need to know
The Notifiable Data Breach Scheme, or NDB, came into effect in Australia on February 22, 2018. It applies to the majority of businesses with a turnover of AU$3 million or more, as well as to selected business segments regardless of turnover. Businesses required to report under the scheme include:
- Australian Government agencies
- Businesses and not-for-profit organisations with an annual turnover of $3 million or more
- Credit reporting bodies
- Credit providers, including:
  - banks, building societies, credit unions and finance companies
  - retailers who issue credit cards
  - organisations where payment is deferred for at least 7 days (telcos and utility companies)
  - organisations that provide credit for hiring, leasing or renting goods
- Health service providers
- Tax File Number recipients (likely impacting State Government entities if they use TFNs)
The NDB also dictates an objective benchmark. This means that you must report a probable breach if a "reasonable person" concludes that the access or disclosure of the data is "likely to result in serious harm." The terminology in the scheme talks about “likely” breaches and an organisation should interpret the term "likely" to mean more probable than not (as opposed to merely possible).
Put simply, navigating the NDB is complicated and engaging some expert assistance to put a solution in place is a critical step to ensure your business complies.
What can you do?
As a first step, getting familiar with the data you hold, where it is kept and who has access to it is a great start. You can then talk to your IT team about how to better secure that data. You should also consider vulnerability testing, in addition to segmenting access to internally stored data, enforcing a strong password policy and implementing geo-blocking, which prevents remote access from countries outside Australia.
If your business is impacted by the NDB, the team at P1 Technology can determine which solutions are right for you. We focus on getting to know you and your business and then work closely with a range of specialists in the legal and insurance industries to provide our clients with the very best NDB solutions and advice.
Not sure what you need?
No problem! We can help you design the best technology solution for your business with our complimentary P1 Discovery Audit.
Book your audit consultation today and discover the difference we can make to your business.