Increasingly, individuals and companies are announcing that their systems have been breached, followed by consequences such as financial and reputational damage. In Australia alone, studies report that 44 per cent of businesses are not fully prepared. Breaches have been increasing gradually, and to protect people’s privacy the Federal Government has launched the "Notifiable Data Breach" scheme. This new legislative direction aims to boost privacy governance in Australia. It now requires businesses to formally report a breach of their digital systems and files, with penalties of as much as $1.8 million for failing to do so.
What is the Notifiable Data Breaches (NDB) scheme?
The NDB scheme in Part IIIC of the Privacy Act requires entities to notify affected individuals and the Commissioner of certain data breaches.
The NDB scheme requires entities to notify individuals and the Commissioner about ‘eligible data breaches’. An eligible data breach occurs when the following criteria are met:
The primary purpose of the NDB scheme is to ensure individuals are notified if their personal information is involved in a data breach that is likely to result in serious harm. This has a practical function: once notified about a data breach, individuals can take steps to reduce their risk of harm. For example, an individual can change passwords to compromised online accounts, and be alert to identity fraud or scams.
All businesses should have a data breach response plan that enables them to respond quickly to a data breach. A quick response can substantially decrease the impact of a breach and reduce the costs associated with dealing with it. The plan also helps you meet your obligations under the Privacy Act, limit the consequences of a data breach, and preserve and build public trust.
Entities Covered by the NDB scheme:
“The practical benefit of the scheme is that it gives individuals the chance to reduce their risk of harm, such as by re-securing compromised online accounts,” claimed Commissioner Timothy Pilgrim.
For the complete guide to the Notifiable Data Breach scheme, see the Office of the Australian Information Commissioner's "Data Breach Preparation & Response – A guide to managing data breaches in accordance with the Privacy Act 1988".