What your Business Needs to Know about the Notifiable Data Breaches scheme
In 2014, the Office of the Australian Information Commissioner (OAIC) made changes to the Privacy Act, and all organisations, including government agencies and large and small businesses, were required to adhere to the Australian Privacy Principles or face severe penalties.
Following the many data breaches of the last few years, the newest OAIC amendment, the Notifiable Data Breaches (NDB) Scheme, came into force on 22nd February. The new privacy amendment defines what an Eligible Data Breach is and whether it could result in serious harm to an individual (i.e. your clients).
This is not a change to be taken lightly. If your customer data is breached, whether through a virus attack on your computers or an employee leaving their laptop or files on the train or in a café, and you have no policy in place or fail to report it, the maximum civil penalty for organisations is $1.8 million.
The Notifiable Data Breaches scheme applies to the agencies, organisations and companies that the Privacy Act already requires to take steps to secure certain categories of personal information. Australian Government agencies, and businesses and not-for-profit organisations with an annual turnover of $3 million or more, are included in these requirements. Credit reporting bodies, health service providers and TFN recipients are among the others covered.
Defining serious harm to an individual
The OAIC website lists the following types of harm that could occur to an individual as a result of a data breach: identity theft, financial loss, threat to physical safety, threat to emotional wellbeing, loss of business or employment opportunities, humiliation, damage to reputation or relationships, and workplace or social bullying or marginalisation.
It’s a dry but serious topic, and one that your business may need to be aware of and act on with immediate effect. If your business falls into one of the affected categories and you collect any information at all on your clients, you need to consider how that information is secured and who in your organisation (including suppliers) has access to it. For further detail on this new requirement, visit either the Wolters Kluwer article below, which explains it quite clearly, or the OAIC website.
- Office of the Australian Information Commissioner (OAIC): Notifiable Data Breaches Scheme
- Office of the Australian Information Commissioner (OAIC): Privacy Fact Sheet 17 – Australian Privacy Principles
- Wolters Kluwer | Central: Notifiable Data Breaches
Over to you
What do you think about our article? Is your business compliant? Let us know in the comments. Learn more about the risks businesses face and be prepared to manage that risk by talking to our experts. Make an appointment on 1300 888 803.
This article is published by Modoras Accounting (Gold Coast) Pty Ltd ABN 62 601 145 199. This article contains general information only and is not intended to represent specific personal advice (accounting, taxation, financial or credit). No individual personal circumstances have been taken into consideration in the preparation of this material. It is recommended that you obtain your own personal professional advice before making any financial or business decision.