The Notifiable Data Breaches (NDB) Scheme will commence in Australia on 22 February 2018.
The scheme makes it obligatory to:
- Notify individuals when their personal data has been involved in a data breach that is likely to result in serious harm; and
- Notify the Australian Information Commissioner of the breach.
The scheme will apply to all organisations that are required to take steps to protect personal information under the Privacy Act.
This includes but is not limited to:
- Government agencies,
- Businesses with turnover greater than $3M in a prior financial year,
- Credit reporting bodies,
- Healthcare service providers, and
- TFN recipients.
You can use this checklist from the Office of the Australian Information Commissioner to help determine if you are required to comply with the Scheme.
While you may not currently be required to comply with the NDB scheme, it’s a good reminder to review how your business stores customer information and what processes you have in place for a data breach, disaster, or other event that could impact the security of your business and customer information.
Here are 10 tips to consider to help you protect the information you collect.