Notifiable Data Breach Scheme

Why does my business need to know about the Notifiable Data Breach Scheme?

In this digital age it is no surprise that companies, governments and individuals can access personal information at the click of a button.

Learn why, under the new Notifiable Data Breach Scheme, you and your business MUST notify all individuals whose personal details are involved in a data breach that is likely to cause harm.

What is it?

Under the Notifiable Data Breach scheme you must notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. The Australian Information Commissioner (Commissioner) must also be notified.

The law is mandatory and requires organisations to notify persons that are impacted by the breach of data.

What is serious harm?

In the context of a data breach, serious harm to an individual may include serious physical, psychological, emotional, financial, or reputational harm.

Who must comply with the Notifiable Data Breaches scheme?

Organisations with an annual turnover over $3 million.

Examples of a data breach include when:

  • A USB or mobile phone that holds customers’ personal information is stolen
  • A database containing personal information is hacked
  • Someone’s personal information is sent to the wrong person.

Assessing suspected data breaches

Agencies and organisations that suspect an eligible data breach may have occurred must undertake a reasonable and expeditious assessment to determine if the data breach is likely to result in serious harm to any individual affected.

If an organisation subject to the Privacy Act incurs an “eligible data breach”, it will have to alert the Australian Information Commissioner and the people whose data has been compromised.

Recent breaches

In late 2017 online taxi company Uber became the latest tech giant to be hit with a wide-scale data breach, affecting about 57 million of its users, following on from the Yahoo and Equifax breaches.

These incidents reveal just how widespread hacking and the loss of personal information are these days. All three companies are still dealing with the impact of the loss of their customers’ data.

More information: Office of the Australian Information Commissioner website on the Notifiable Data Breaches scheme

If you have any comments or questions in relation to this topic please contact our office.