Friday, January 26, 2018

This Is A Useful Long Article On The New Data Breach Notification Scheme Which Starts In Days.

This appeared last week:

Notifiable Data Breaches scheme: Getting ready to disclose a data breach in Australia

Australia's Notifiable Data Breaches scheme will come into force next month. Here is what it means and how it will affect organisations, and individuals, in Australia.
By | | Topic: Security

WHAT IS THE NOTIFIABLE DATA BREACHES SCHEME?

Australia's Notifiable Data Breaches (NDB) scheme comes into effect on February 22, 2018, and as the legislative direction is aimed at protecting the individual, there's a lot of responsibility on each organisation to secure the data it holds.
The NDB scheme falls under Part IIIC of the Australian Privacy Act 1988 and establishes requirements for entities in responding to data breaches.
What that means is all agencies and organisations in Australia that are covered by the Privacy Act will be required to notify individuals whose personal information is involved in a data breach that is likely to result in "serious harm", as soon as practicable after becoming aware of a breach.
Tax file number (TFN) recipients, to the extent that TFN information is involved in a data breach, must also comply with the NDB.
In addition to notifying individuals affected, under the scheme, organisations must provide recommendations on how those affected should respond, as well as what to do now their information is in the wild. The Australian Information Commissioner, currently Timothy Pilgrim, must also be notified of the breach.
"The NDB scheme formalises an existing community expectation for transparency when a data breach occurs," Pilgrim told ZDNet. "Notification provides individuals with an opportunity to take steps to protect their personal information, and to minimise their risk of experiencing harm."


Lots, lots more here:
Anyone who is a custodian of personal information would be well advised to read through this long article and make sure they are fully able to comply.
David.

Update 29/1/2018. I have removed the last paragraph of the ZDNet quote as I have been told there are some errors in it by the OAIC. They are also correcting it with ZDNet.

They said: "In particular, both credit reporting bodies and private sector health service providers will be required to comply with the NDB scheme."

Thanks to them for letting me (and readers) know!

D.

No comments: