Notifiable Data Breaches (NDB) Scheme

RECENT PRIVACY LAW CHANGES – WHAT YOU NEED TO KNOW

The Notifiable Data Breaches (NDB) scheme is an amendment to the existing Privacy Act. The NDB scheme introduces mandatory data breach notification obligations. The scheme will also toughen up privacy obligations by companies working with personal information with considerable fines (of up to $1.7 million) for a privacy breach.

As of 22 February 2018 this amendment will require organisations working under the Privacy Act 1998 (Cth) to notify any individuals likely to be at risk of serious harm by a data breach. The Office of the Australian Information Commissioner (OAIC) must also be notified.

Organisations should have a plan in place as they will need to be prepared to conduct quick assessments of suspected data breaches to determine if they are likely to result in serious harm.

We remind AMSRO members that working under our Privacy (Market and Social Research) Code offers members important risk mitigation (with AMSRO being the administrator of the code) plus professional and relevant privacy advice.

AMSRO’s Privacy Compliance Committee presented an exclusive and free member NDB webinar on Monday 29 January 2018 for all members – a copy of the presentation is available here.

AMSRO member resources:

• AMSRO Guideline is here
• AMSRO Notifiable-Data-Breaches-2018-AMSRO-Response-Checklist
• AMSRO Service Level Agreement template 2018
• OAIC OAIC flowchart NDB
• OAIC NDB scheme website

Read AMSRO’s submissions to the OAIC NDB Scheme:

• AMSRO – NDB Draft Resources submission (October 2017)
• NOTIFIABLE DATA BREACHES SCHEME (NDB) – AMSRO Submission (July 2017)
• OAIC NDB roundtable presentation — 3 May