Notifiable Data Breach Scheme is in Effect
It was over three years in the making, but the Notified Data Breaches Bill has been passed into law and will come into effect on 22 February 2018. The Bill, formally known as the Privacy Amendment (Notifiable Data Breaches) Act 2017, will allow for a Notifiable Data Breaches (NDB) scheme to be established in Australia.
What is the NDB Scheme?
The Act was developed and introduced as a way to respond to the ever-growing amounts of an individual’s data that are being kept electronically. As more activities are carried out electronically and digitally, the Act aims to allay the public’s concerns about the potential of unauthorised access to their personal data.
The scheme requires all agencies and businesses covered by the Privacy Act to notify the Office of the Australian Information Commissioner (OAIC) of any breach of individuals’ data that may cause them serious harm. Those agencies and businesses must also notify the individuals directly affected by the data breach and advise them of the steps they should take in response to it.
According to the Act, a Notifiable Data Breach occurs when personal data has been lost or disclosed without proper authorisation. The Act also lists various factors that help determine whether a breach meets the definition of a Notifiable Data Breach. These include:
- The sensitivity of the individual’s data
- The types of stakeholders who could have accessed the data
- Whether or not the information was protected
- The degree of harm that an individual could experience as a result of the breach
The Penalties for those who contravene the Act
Perhaps the most striking parts of the NDB Scheme and Act are the fines that those who breach it could face. An individual who fails to notify the affected individual or the OAIC of a serious Notifiable Data Breach, or who repeatedly fails to notify those stakeholders of data breaches, could be fined up to $360,000.
That amount is dwarfed by the penalty faced by companies and other organisations found to have committed serious or repeated breaches of the Privacy Act. Fines of up to $1.8 million may be levied on entities that fail to notify an individual and the OAIC of a Notifiable Data Breach.
At Hart Partners we are dedicated to ensuring individuals and businesses are fully aware of their obligations. If you wish to know more about your financial and tax obligations, we invite you to call us today.