Are you NDB prepared and covered at your company?
Written by: Peta Nicholson
Everyone has been talking about the GDPR coming into effect on May 25th this year, but were you aware that a new Australian law on data breach notifications came into effect back in February?
The Notifiable Data Breaches (NDB) Scheme became enforceable from February 22nd 2018. This amendment to the Privacy Act now states that any breach or potential breach of personally identifiable information (PII) must be reported to the Australian Government within 72 hours of being identified by the respective company/individual. So nothing really needs to be done other than notifying the OAIC and all people potentially affected if a breach is found, right? NO!
There are serious consequences that can be enforced by law in the case of a breach, even if you report it. People can be held personally responsible for the breach for failing to ensure the safety of customers' PII. A breach isn’t just an outside hacker getting into your network and accessing data. A breach is when PII has been lost, or when it has been accessed or released without authorisation. Such a breach could result in emotional, financial or physical harm to the individuals whose PII has been affected. The breach could be as simple as PII being sent to the wrong person, or a USB containing PII, or even a mobile phone, being lost or stolen.
What can you do to ensure that you are compliant and where do you start?
The government has come up with a great resource to start with: it covers the information you need, the steps to take to ensure compliance with the law, and even action plans for you to follow in the event of a breach. For more information on NDB please visit the OAIC site.
Do you know who has access to all PII at your company? Are you able to control this access effectively? BEarena can help with securing your company by identifying areas of weakness and how security can be improved, implementing measures for compliance, and providing ongoing management and reporting. For more information on how BEarena can help, drop us a line at email@example.com or call on 02 9423 7031.