Notifiable Data Breaches scheme

Notifiable Data Breaches scheme starts 22 Feb 2018

Robust data security was legislated in Australia under the Privacy Amendment (Notifiable Data Breaches) Act 2017, which makes it mandatory for businesses to report eligible data breaches from 22 February 2018.

Under the Notifiable Data Breaches (NDB) scheme, businesses need to notify individuals and the Australian Privacy Commissioner in the case of eligible data breaches which are likely to result in serious harm to the individual.

The new requirements not only affect IT and cloud computing, but also social media and mobile device usage.

Not all data breaches are eligible.

For example, if an entity acts quickly to remediate a data breach, and as a result of this action the data breach is not likely to result in serious harm, there is no notification requirement. If 20,000 people are affected by a data breach in a minor way, with no serious harm, this also would not be captured under the legislation.

Finally, each business needs to ensure that it is constantly addressing its own compliance needs, and monitoring changes to legislation. This means the business must keep its strategy for using IT current, and ensure that arrangements with service providers address regularly changing business compliance issues.

For more guidance on what constitutes an eligible data breach, what serious harm means, and the notification process, download CPA Australia’s IT checklist for small business (PDF) or call the team at Omnis Group in Perth on 08 9380 3555.

Source: CPA Australia