Government Introduces Data Breach Notification Scheme
On February 22, 2018, the government’s mandatory data breach notification scheme came into effect. The scheme requires an organisation to notify the Office of the Australian Information Commissioner (OAIC) and the affected individuals if it experiences a data breach that compromises personal information and is likely to result in serious harm to those individuals. Failing to comply with the scheme could result in heavy fines as well as the less-tangible loss of customer faith.
All businesses subject to the Privacy Act need to comply with the new scheme. This includes businesses and not-for-profit organisations with an annual turnover of more than $3 million, as well as certain smaller organisations that the Privacy Act covers regardless of turnover, such as health service providers and businesses that trade in personal information.
There are five key steps businesses should take to comply with the mandatory data breach notification scheme:
- Confirm whether the business is subject to the scheme.
- Know what types of information the business’s systems hold.
- Put security controls in place to appropriately protect data based on its confidentiality or sensitivity.
- Put measures in place to detect potential breaches.
- Develop a response plan to effectively react if a data breach is suspected.
To help businesses comply with the mandatory data breach notification scheme, a comprehensive privacy audit may be appropriate. Such an audit gives a business confidence that it is compliant with the new legislation.
If you need assistance for yourself or your business or there is something you would like to discuss further please contact the team at The Money Edge on 07 4151 8898.