Understanding the Notifiable Data Breaches Scheme
- Wednesday, August 8, 2018
On 22nd February 2018, mandatory data breach notification obligations (the Notifiable Data Breaches Scheme) came into effect. This scheme, arising out of amendments to the Privacy Act 1988 (Cth), requires organisations to notify individuals whose personal information is involved in a data breach and to recommend the steps they should take in response to the breach. As individuals and business owners, it is therefore vital that you understand your rights and responsibilities under this new scheme.
It’s easy to think that data breaches relate only to computer “hacking” situations or the like, but that’s not always the case. A data breach can occur simply from leaving confidential papers on your desk, not collecting your printed documents from the printer, losing your mobile phone, iPad or a USB, or misplacing a hard copy document.
A data breach occurs when personal information is lost or subjected to unauthorised access or disclosure. Personal information is information that identifies or is about an individual person. If the breach involving the personal information is likely to result in serious harm, the Office of the Australian Information Commissioner (OAIC) must be notified, as well as the individual affected.