Why is the law changing?
From 22 February 2018 amendments to the Privacy Act 1988 will take effect and introduce a mandatory notification procedure for data breaches. Currently, there are no requirements to notify individuals affected by a data breach. There is a rising threat to the safety and privacy of personal information.
What are the changes?
The Act requires entities to notify individuals whose personal information is breached and the Australian Information Commissioner when an ‘Eligible Data Breach’ (EDB) occurs.
Who do the changes apply to?
The Notifiable Data Breach (NDB) scheme applies to agencies and organisations that the Privacy Act requires to take steps to secure certain categories of personal information. This includes Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and TFN recipients.
What is an Eligible Data Breach?
The first step in deciding whether an eligible data breach has occurred involves considering whether there has been a data breach; that is, unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information
Data breach response plan quick checklist
SCHOOL COMPLIANCE MADE EASY
