New draft resources have been published to assist organisations in meeting their compliance obligations under the Notifiable Data Breaches (NDB) scheme. The NDB scheme commences on 22 February 2018. Organisations with existing personal information security obligations under the Australian Privacy Act 1988 will be required to notify individuals of data breaches that are likely to result in serious harm. They must also notify the Australian Information Commissioner.
The new draft resources include:
* assessing a suspected data breach
* what to include in an eligible data breach statement
* exceptions to notification obligations
* a draft online form to assist organisations in preparing a statement about an eligible data breach to the Australian Information Commissioner
* a new chapter to the OAIC’s Guide to privacy regulatory action on data breach incidents.
We’re interested in your feedback, so if you have any comments on the draft resources, please send them to firstname.lastname@example.org before 23 October 2017.
As organisations review and update their practices, procedures, and systems ahead of the scheme’s commencement, we also encourage reference to our existing, more general guidance relevant to data breaches, including the: