This blog is totally independent, unpaid and has only three major objectives.
The first is to inform readers of news and happenings in the e-Health domain, both here in Australia and world-wide.
The second is to provide commentary on e-Health in Australia and to foster improvement where I can.
The third is to encourage discussion of the matters raised in the blog so hopefully readers can get a balanced view of what is really happening and what successes are being achieved.
Quote Of The Year
Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"
or
H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."
Friday, January 26, 2018
This Is A Useful Long Article On The New Data Breach Notification Scheme Which Starts In Days.
Australia's Notifiable Data Breaches scheme will come into force next month. Here is what it means and how it will affect organisations, and individuals, in Australia.
Australia's Notifiable Data Breaches (NDB) scheme comes into effect on February 22, 2018, and as the legislative direction is aimed at protecting the individual, there's a lot of responsibility on each organisation to secure the data it holds.
The NDB scheme falls under Part IIIC of the Australian Privacy Act 1988 and establishes requirements for entities in responding to data breaches.
What that means is all agencies and organisations in Australia that are covered by the Privacy Act will be required to notify individuals whose personal information is involved in a data breach that is likely to result in "serious harm", as soon as practicable after becoming aware of a breach.
Tax file number (TFN) recipients, to the extent that TFN information is involved in a data breach, must also comply with the NDB.
In addition to notifying individuals affected, under the scheme, organisations must provide recommendations on how those affected should respond, as well as what to do now their information is in the wild. The Australian Information Commissioner, currently Timothy Pilgrim, must also be notified of the breach.
"The NDB scheme formalises an existing community expectation for transparency when a data breach occurs," Pilgrim told ZDNet. "Notification provides individuals with an opportunity to take steps to protect their personal information, and to minimise their risk of experiencing harm."
Anyone who is a custodian of personal information would be well advised to read through this long article and make sure they are fully able to comply.
David.
Update 29/1/2018. I have removed the last paragraph of the ZDNet quote as I have been told there are some errors in it by the OAIC. They are also correcting it with ZDNet.
They said: "In particular, both credit reporting bodies and private sector health service providers will be required to comply with the NDB scheme."
No comments:
Post a Comment