Notifiable Data Breaches

RECENT PRIVACY LAW CHANGES – WHAT YOU NEED TO KNOW

The Notifiable Data Breaches (NDB) scheme is an amendment to the existing Privacy Act. It introduces new mandatory data breach notifications. The scheme will also toughen privacy obligations for companies working with personal information, with considerable fines (of up to $1.7 million) for a privacy breach.

As of 22 February 2018, this amendment will require organisations working under the Privacy Act 1998 (Cth) to notify any individuals likely to be at risk of serious harm from a data breach. The Office of the Australian Information Commissioner (OAIC) must also be notified.

Organisations should have a plan in place as they will need to be prepared to conduct quick assessments of suspected data breaches to determine if they are likely to result in serious harm.

We remind AMSRO members that working under our Privacy (Market and Social Research) Code offers members important risk mitigation (with AMSRO being the administrator of the code) plus professional and relevant privacy advice.
AMSRO’s Privacy Compliance Committee (PCC), chaired by former Senator and privacy expert Terry Aulich, is working with the OAIC on NDB guidelines regarding compliance procedures such as notification, identifying a breach and which breaches are notifiable, to ensure AMSRO members are well equipped ahead of the change.

Read AMSRO’s submissions to the OAIC NDB Scheme: