The long-awaited mandatory Notifiable Data Breaches (NDB) legislation, established as part of the Privacy Amendment (Notifiable Data Breaches) Act 2017, takes effect from today, affecting all APP entities with personal information security obligations under the Australian Privacy Act 1988.
The legislation imposes a legal requirement on all eligible organisations, which include APP entities with an annual turnover of $3 million or more, to notify (as soon as practicable) individuals whose personal information has been, or is suspected to have been, involved in an eligible data breach that could result in serious harm, and to provide recommended steps to remediate the breach and mitigate against future attacks.
The Office of the Australian Information Commissioner (OAIC) must also be notified of each eligible breach.
Kevin O’Sullivan, Kinetic IT’s Group Manager, Security Intelligence Services, says, “The new legislation couldn’t have come soon enough for the security industry, businesses and consumers alike – we need to remember we’re all in this together, and that means being transparent, collaborating and sharing our experiences to get faster and more widespread results.”
“We also understand that organisations may be concerned about losing customer trust as the result of this new legislation – the key to avoiding this is preparation and knowing exactly what is required when it comes to these notifications. Causing unnecessary stress or panic doesn’t help anyone.”
To determine whether a notification is necessary, and to be able to make a compliant notification should an eligible data breach occur, agencies and organisations will need to assess a suspected breach and determine whether it is likely to result in serious harm.
“It’s time to start assessing your current cyber security response capability and uplifting your data breach response plan. If you’re concerned that your organisation may not have the in-house capability to conduct an adequate breach assessment, or remediate effectively, take advantage of trusted Australian specialist services like Kinetic IT’s Security Assurance service,” concludes O’Sullivan.
You can contact the Kinetic IT Cyber Security Team at email@example.com or via phone on 1300 782 027. For more information about our cyber security services, check out the Kinetic IT Cyber Security website at https://security.kineticit.com.au/