NDB (Notifiable Data Breach) legislation went into effect on 22 February. Yet at the end of 2017, according to CSO.com.au, just 13% of companies had an NDB strategy in place – 60% had not even read the amendment!
So, what is NDB? Way back in 1988, Australia created the Privacy Act to ensure safe handling of personal, individual data. It includes 13 Australian Privacy Principles (APPs) covering the management, solicitation, and notification of usage for basic personal information. It further outlines the handling of sensitive personal data in the areas of taxes, credit reporting, medical information, and more.
In 2017, a Privacy Amendment was passed that outlines the identification and handling of an NDB – notifiable data breach. Businesses are required to quickly assess data breaches and determine the level of harm the breach might cause. The amendment specifies action that must be taken if a data breach is considered eligible.
An eligible breach requires notification not only of the Australian government but also public notification of the individuals whose data is at risk. That makes a data breach not just a regulatory and remediation issue, but a public relations and image management issue as well.
The best way to avoid dealing with these headaches is to avoid an eligible breach – and the best way to do that is to adopt encryption and security policies that protect your customers’ data. Blutone Technologies has been working with clients for months to secure their systems to safeguard the information they store. Get in touch today and find out how you can protect your business.
Several people have asked how to find more information about the NDB Privacy Amendment, which went into effect on 22 February, so I wanted to share this link to the Office of the Australian Information Commissioner: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme
Let me know if you’d like help interpreting and implementing the security your system needs to be NDB compliant.