On 22 February, the Office of the Australian Information Commissioner (OAIC) introduced the Notifiable Data Breaches Scheme (NDBS) to combat the growing threat to data privacy and security, which is affecting businesses worldwide.

The new regulation applies to businesses with an annual turnover greater than $3 million, small businesses that trade in personal information (e.g. buying or selling a mailing list), as well as private sector health service providers.

However, many organisations are becoming increasingly concerned about possible breaches and how to identify them now that breaches require legal notification. A privacy ‘threat’ could include:

  • Unauthorised access and/or disclosure of personal information
  • A malicious cyber security breach
  • An accidental data loss involving IT equipment or hard copy documents
  • A negligent or improper disclosure of information, or where the incident satisfies a particular harm threshold if one exists.

The new scheme will require all agencies, organisations and certain other entities to provide notice of an eligible data breach to affected individuals, as well as to the Australian Information Commissioner.

These perceived threats can be quite simple, and the rulings around this new scheme are strict, so it is worth getting a solid understanding of how this change may impact your business.

For more detailed information on how to prepare for the new scheme, please see documentation from the Office of the Australian Information Commissioner or speak to your legal representative.

Resource: Pache, C. Compliance with the Notifiable Data Breaches Scheme, australiasialawyer.com.au on 13 February 2018.