

What your business needs to know about the notifiable data breaches scheme


This article is published by Modoras Accounting (QLD) Pty Ltd ABN 81 601 145 215


Is your Privacy Policy up-to-date? Learn about the Notifiable Data Breaches (NDB) scheme to find out.


In 2014, the Office of the Australian Information Commissioner (OAIC) made changes to the Privacy Act, and all organisations, including government and large and small businesses, were required to adhere to the Australian Privacy Principles or face severe penalties.

In essence, that meant that if you collected any data on your clients (name, sex, email, financial details, health records, addresses, etc.), you needed to publish a privacy policy on your website and make it available to any clients who requested to view it. Your privacy policy lays out how you collect, store and use your clients’ personal information.

With all of the data breaches over the last few years, the newest OAIC amendment, the Notifiable Data Breaches (NDB) scheme, came into force on 22nd February. The new privacy amendment covers what an Eligible Data Breach is and whether it could result in serious harm to an individual (aka your clients).

This is not a change to be taken lightly. If your customer data is breached through a viral attack on your computers, or an employee leaving their laptop or files on the train or in a café, and you don’t have a policy or report it, the maximum civil penalty for organisations is $1.8 million.

The Notifiable Data Breaches scheme applies to the agencies, organisations and companies that the Privacy Act requires to take steps to secure certain categories of personal information. Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more are included in these requirements. Credit reporting bodies, health service providers and TFN recipients, among others, are also covered.

Defining serious harm to an individual

The OAIC website lists the following types of harm that could occur to an individual as a result of data breaches: identity theft, financial loss, threat to physical safety, threat to emotional wellbeing, loss of business or employment opportunities, humiliation, damage to reputation or relationships, or workplace or social bullying or marginalisation.

It’s a dry but serious topic, and one that your business may need to be aware of and implement with immediate effect. If your business is included in the affected categories and you collect any information at all on your clients, you need to be considering how that information is secured and who has access to it in your organisation (including suppliers). For further detail on this new requirement, visit either this Wolters Kluwer article, which explains it quite clearly, or the OAIC website.


Over to you

What do you think about our article? Is your business compliant? Let us know in the comments. Learn more about the risks businesses face and be prepared to manage them by talking to our experts. Make an appointment at 1300 888 803.


This article contains general information only and is not intended to represent specific personal advice (Accounting, taxation, financial or credit). No individual personal circumstances have been taken into consideration for the preparation of this material. It is recommended that you obtain your own personal professional advice before making any financial or business decision.



Copyright Modoras 2018. All Rights Reserved.