
What your Business Needs to Know about the Notifiable Data Breaches scheme

28 February, 2018 by Pete Hetherington // Accounting

This article is published by Modoras Accounting (QLD) Pty Ltd ABN 81 601 145 215

Is your Privacy Policy up-to-date? Learn about the Notifiable Data Breaches (NDB) scheme to find out.


In 2014, the Office of the Australian Information Commissioner (OAIC) made changes to the Privacy Act, and all organisations, including government and large and small businesses, were required to adhere to the Australian Privacy Principles or face severe penalties.

In essence, that meant that if you collected any data on your clients (name, sex, email, financial details, health records, addresses, etc.), you needed to publish a privacy policy on your website and make it available to any clients who requested to view it. Your privacy policy lays out how you collect, store and use your clients’ personal information.

With all of the data breaches over the last few years, the newest OAIC amendment, the Notifiable Data Breach (NDB) Scheme, came into force on 22nd February. The new privacy amendment covers what an Eligible Data Breach is and whether it could result in serious harm to an individual (aka your clients).

This is not a change to be taken lightly. If your customer data is breached through a viral attack on your computers, or an employee leaving their laptop or files on the train or in a café, and you don’t have a policy or don’t report it, the maximum civil penalty for organisations is $1.8 million.

The Notifiable Data Breaches scheme applies to the agencies, organisations and companies that the Privacy Act requires to take steps to secure certain categories of personal information. Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more are included in these requirements. Credit reporting bodies, health service providers and TFN recipients, among others, are also included.

Defining serious harm to an individual

The OAIC website considers the following types of harm that could occur to an individual as a result of data breaches: identity theft, financial loss, threat to physical safety, threat to emotional wellbeing, loss of business or employment opportunities, humiliation, damage to reputation or relationships, or workplace or social bullying or marginalisation.

It’s a dry but serious topic, and one that your business may need to be aware of and implement with immediate effect. If your business is included in the affected categories and you collect any information at all on your clients, you need to be considering how that information is secured and who has access to it in your organisation (including suppliers). For further detail on this new requirement, visit either this Wolters Kluwer article, which explains it quite clearly, or the OAIC website.


Over to you

What do you think about our article? Is your business compliant? Let us know in the comments. Learn more about the risks businesses face and be prepared to manage that risk by talking to our experts. Make an appointment at 1300 888 803.


This article is published by Modoras Accounting (Gold Coast) Pty Ltd ABN 62 601 145 199. This article contains general information only and is not intended to represent specific personal advice (Accounting, taxation, financial or credit). No individual personal circumstances have been taken into consideration for the preparation of this material. It is recommended that you obtain your own personal professional advice before making any financial or business decision.
