Australia's Data Breach Laws

Following the passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017, from the 23rd of February any eligible data breaches will need to be reported to the Office of the Australian Information Commissioner and to the individuals affected.

What is an eligible data breach?
The scheme only requires organisations to notify when there is a data breach that is likely to result in serious harm to any individual to whom the information relates. Examples include:

  • a device containing customers’ personal information is lost or stolen
  • a database containing personal information is hacked
  • personal information is mistakenly provided to the wrong person

How and When Do I Notify?
Where an organisation becomes aware that an eligible data breach has occurred, it is obligated to notify individuals at likely risk of serious harm and the Commissioner as soon as practicable.
Information that should be provided to both parties: 

  • the identity and contact details of the organisation
  • a description of the data breach
  • the kinds of information concerned
  • recommendations about the steps individuals should take in response to the data breach

This is to ensure that individuals can take remedial steps in the event that their personal information is compromised.

A failure to comply with the notification obligations will fall under the Privacy Act's existing enforcement and civil penalty framework. Accordingly, APP Entities may be subject to anything from investigations to, in the case of serious or repeated non-compliance, substantial civil penalties.

How to prepare 

  1. Audit your current information security processes and procedures to ensure they are adequate (prevention will soon be much more palatable than the cure)
  2. Prepare a data breach response plan so as to enable the APP Entity to respond quickly, efficiently and lawfully to an actual or suspected data breach

If you have any questions or concerns about your IT Security, please get in touch with Huon IT.

Author: Paris Wells, Senior Consultant, Huon IT
