As of 22 February 2018, many businesses owing obligations under the Privacy Act 1988 will be subject to the new notifiable data breach scheme (NDB Scheme). These obligations include safeguarding all information about a person that would identify them or allow them to be reasonably identified.
Does your business owe obligations under the Privacy Act?
Generally, the Privacy Act applies to you if you are a business with more than $3 million in annual turnover, or a business with less than $3 million in annual turnover that deals in personal information or provides health services as a component of its business. Additionally, all registered tax practitioners already have obligations to protect TFN information under the tax legislation, and the new NDB Scheme will expand those obligations.
Under the NDB Scheme:
1. if there is a data breach that is likely to result in serious harm, you must notify the Australian Information Commissioner (Commissioner) and all affected individuals;
2. the Commissioner has wide powers to investigate compliance and data breaches; and
3. failure to comply with the NDB Scheme may result in fines of up to:
a. $2.1 million for corporations; and
b. $420,000 for other entities.
To assist with staying compliant with your obligations under the Privacy Act and the NDB Scheme, we suggest you:
B. have personal information management systems, processes and procedures;
C. ensure employees are trained and aware of their obligations; and
D. ensure that you obtain all the required consents and notifications under the Privacy Act and the NDB Scheme.
If you experience any data breach, or if you would like help to prepare policies or procedures to ensure your business complies with the NDB Scheme, please don’t hesitate to contact us on (08) 6212 3777.