The Notifiable Data Breaches (NDB) Scheme came into effect on the 22nd of February 2018. It applies to agencies and organisations (including not-for-profits) with an annual turnover of $3 million or more, as well as specific inclusions for Australian Government agencies, credit reporting bodies, health service providers and TFN recipients of any size.
The Privacy Act requires those organisations to take steps to secure certain categories of personal information. Agencies and organisations must be prepared to conduct a quick assessment of a suspected data breach to determine whether it is likely to result in serious harm, and as a result require notification.
A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure.
Examples of a data breach include when:
- A device containing customers’ personal information is lost or stolen
- A database containing personal information is hacked
- Personal information is mistakenly provided to the wrong person.
If the NDB applies to your organisation, some of the key questions you need to ask yourself are: what systems and processes do I currently have in place today to:
- Identify any Data Breaches
- Protect against Data Breaches
- React to any Data Breaches
- Respond to Data Breaches
- Recover from Data Breaches
Matrium Technologies offers Governance, Risk & Compliance consultancy on Cybersecurity. We provide Managed Services and Security solutions covering but not limited to Critical Infrastructure, Education, Legal, Finance and Insurance industries.
For more information on how Matrium Technologies can improve your security framework, posture and cyber-resilience, contact one of our consultants at security@matrium.com.au or alternatively on 1300 889 888.