Cyber Security

Notifiable Data Breaches

The Australian Government established the ‘Notifiable Data Breach’ (NDB) scheme, to ensure that affected individuals are notified about serious data breaches. The NDB scheme applies to all businesses, government agencies and other organisations covered by the Australian Privacy Act 1988 (Privacy Act) and commenced on 22 February 2018.

What is a Data Breach?

A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access, modification, disclosure or other misuse or interference.

A device containing customers personal information is lost or stolen
A database containing personal information is hacked
Personal information is mistakenly provided to the wrong person

What is a Notifiable Data Breach?

In today’s digital landscape, data breaches have become an unfortunate reality for many Aussies and businesses. However, when a data breach has the potential to cause serious harm, it becomes a Notifiable Data Breach (NDB). Under the NDB scheme, organisations are required to inform individuals affected by serious data breaches and provide them with recommendations on the appropriate steps to take.

Additionally, the Office of the Australian Information Commissioner (OAIC) must be notified of the breach. To comply with the scheme, organisations need to be prepared to quickly assess suspected data breaches to determine if they are likely to result in serious harm. By taking these steps, businesses can help mitigate the impact of data breaches and protect the privacy and security of individual’s personal information in Australia.

How will Qbit assist me to prepare for the NDB scheme?

To help its clients comply with the Notifiable Data Breach (NDB) scheme, Qbit, an Australian-based cybersecurity firm, will develop practical guidance in collaboration with them. This guidance will focus on key changes to current best practices, including the threshold for notifying a serious data breach and assessing suspected data breaches.

We will clarify the regulatory role of the Office of the Australian Information Commissioner (OAIC) in the NDB scheme through its guidance. Additionally, we will host a series of consultation events in major capital cities through the Privacy Professionals Network to ensure that Australian businesses have the latest information on the NDB scheme.

By providing clear and concise guidance, our aim is to help its clients protect personal information and mitigate the impact of data breaches.

Why is the NDB scheme important?

The NDB scheme will strengthen the protections afforded to everyone’s personal information and will improve transparency in the way that businesses and agencies respond to serious data breaches. This in turn supports consumer and community confidence that personal information is being respected and protected. It also gives individuals the opportunity to take steps to minimise the damage that can result from the unauthorised use of their personal information.