Insights: Security News

Are You Ready for the Mandatory Notifiable Data Breaches (NDB) Privacy Act Legislation?

The long-awaited mandatory Notifiable Data Breaches (NDB) legislation, established as part of the Privacy Amendment (Notifiable Data Breaches) Act 2017, takes effect from today, impacting all APP entities with personal information security obligations under the Australian Privacy Act 1988.

The legislation will impose a legal requirement on all eligible organisations, which include APP entities with an annual turnover of $3 million or more, to provide a notice (as soon as practicable) to individuals whose personal information has been, or is suspected to have been, involved in an eligible data breach that could result in serious harm. Organisations must also provide recommended steps to both remediate and mitigate against future attacks.

The Office of the Australian Information Commissioner (OAIC) must also be notified of each eligible breach.

Kevin O’Sullivan, Kinetic IT’s Group Manager, Security Intelligence Services, says, “The new legislation couldn’t have come soon enough for the security industry, businesses and consumers alike – we need to remember we’re all in this together, and that means being transparent, collaborating and sharing our experiences to get faster and more widespread results.”

“We also understand that organisations may be concerned about losing customer trust as the result of this new legislation – the key to avoiding this is preparation and knowing exactly what is required when it comes to these notifications. Causing unnecessary stress or panic doesn’t help anyone.”

To determine whether a notification is necessary, and make a compliant notification possible should an eligible data breach occur, agencies and organisations will need to conduct an assessment of a suspected breach to determine whether it is likely to result in serious harm.

“It’s time to start assessing your current cyber security response capability and uplifting your data breach response plan. If you’re concerned that your organisation may not have the in-house capability to conduct an adequate breach assessment, or remediate effectively, take advantage of trusted Australian specialist services like Kinetic IT’s Security Assurance service,” concludes O’Sullivan.

You can contact the Kinetic IT Cyber Security Team at or via phone on 1300 782 027. For more information about our cyber security services, check out the Kinetic IT Cyber Security website at
