Have you heard about the Notifiable Data Breach (NDB) scheme? Do you know what it is and how it may affect you?
The NDB scheme came into effect on February 22 and is an amendment to the Privacy Act. Essentially, if a data breach is likely to result in serious harm, an organisation is now required to meet certain reporting obligations, which include notifying:
- the individual whose personal information has been breached
- the Australian Information Commissioner of the breach
And it isn’t only Government and big businesses that have to comply. The rules may also apply to smaller businesses that retain information such as employment contracts, wages, personal details, or even supplier payment details and terms.
Some examples of data breaches may include:
- Someone hacking your computer and obtaining information (this is where cyber security insurance comes in!)
- Someone physically breaking into your premises and stealing information or documents
- Leaving sensitive personal information where it could be viewed by anyone
There is a raft of information available on the Office of the Australian Information Commissioner website, including webinars and other resources. We’d recommend that you take the time to read all of the information, and contact your business insurer if you wish to review your policy.