OK, so now that we have established you're an APP entity, let's look at what has changed.
On 13 February 2017 the Australian Parliament passed the Privacy Amendment (Notifiable Data Breaches) Act 2017 (NDB scheme). This states that as of 22 February 2018 all entities covered by the Australian Privacy Principles (APPs) will have clear obligations to report eligible data breaches.
While you can read all about your obligations here, what this all boils down to is that by 22 February 2018 your organisation should have a strategic plan that addresses the new requirements. The plan must include:
• Assessment of suspected breaches completed within 30 days;
• Record eligibility of the breach against the NDB scheme;
• If eligible,
- all affected individuals are notified via an official statement as soon as possible;
- the statement should include details of the breach and what actions can be taken;
- a copy of the statement is to be forwarded to the Office of the Australian Information Commissioner (OAIC).
If you haven't already, you need to put together this plan. While the links in this document can give you details of what you need to address, this is much better handled as part of an organisation-wide security strategy that includes both intrusion detection and prevention. Superdata are experts at this, so why not contact us on 9371 9998 or email us at email@example.com today to discuss.