Notifiable Data Breaches scheme starts 22 Feb 2018
Robust data security was legislated in Australia under the Privacy Amendment (Notifiable Data Breaches) Act 2017, which makes it mandatory for businesses to report eligible data breaches from 22 February 2018.
Under the Notifiable Data Breaches (NDB) scheme, businesses need to notify individuals and the Australian Privacy Commissioner in the case of eligible data breaches which are likely to result in serious harm to the individual.
The new requirements not only affect IT and cloud computing, but also social media and mobile device usage.
Not all data breaches are eligible.
For example, if an entity acts quickly to remediate a data breach, and as a result of this action the data breach is not likely to result in serious harm, there is no notification requirement. If 20,000 people are affected by a data breach in a minor way, with no serious harm, this also would not be captured under the legislation.
Finally, each business needs to ensure that it is constantly addressing its own compliance needs, and monitoring changes to legislation. This means the business must keep its strategy for using IT current, and ensure that arrangements with service providers address regularly changing business compliance issues.