• Skip to primary navigation
  • Skip to main content
  • Skip to footer
Logo of Agilient Security Consultants, Australia

Agilient Security Consultants Australia

Cybersecurity & Risk Management Specialists

Menu
  • Home
  • Industries
      • Aviation
      • Defence & Defence Industry
      • Government
      • Health & Hospitals
      • Corrections and Detention
      • Maritime
      • Aged Care Facilities
      • Mining, Oil & Gas
      • Public Venues & Events
      • Rail
      • Research and Education Industry
      • Telecommunications
      • Utilities
    • advice-colleagues-communication-newIndustries
  • Services
      • Cybersecurity
      • Protective Security
      • Business Resilience
      • Building Security Consultants
      • Security Audits
      • Pandemic Planning
      • Electronic Security
      • IT Disaster Recovery Plan
      • Security Consultants
      • CCTV and Security Cameras
      • Duress Alarms
      • Security Risk Assessment Consultants
      • Managed Security Service Provider
      • Protection against Vehicles as a Weapon
    • training-1Services
  • Solutions
    • banner-menuUnisys Solutions
    • CTO-Blog-110619-Header-GraphicLookingGlass Solutions
    • menu-bg-2Dell Technologies (RSA) Solutions
    • Sightline-Visualization-menuSightline Solutions
  • Resources
    • menumanagers-dealing-customer-agreTraining
    • working-together-newJoin The Tribe
    • Webinars_3-1.jpgUpcoming and Past Events
    • hacking-detected-shutterstock_newResources
  • Articles
  • About
    • About Us
      We are an Australian owned and operated security company specialising in risk, cybersecurity, protective security, crisis and business continuity management services.
    • frequently-asked-questions-smallFAQ’s
    • bg-menu-government-institutionsConsultant Registration
  • Contact Us
Contact Us

Notifiable Data Breaches – How will it affect you?

You are here: Home / Security News / Notifiable Data Breaches – How will it affect you?

As the 22nd February, the commencement date for the 2018 Notifiable Data Breaches Act looms near, it is a timely reminder to have systems in place to deal with the new legislation.

This article looks at who is affected, what you need to do if you have a breach and finally how you can reduce the likelihood of data breaches in your organisation. The passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017 established a Notifiable Data Breaches (NDB) scheme in Australia. The NDB scheme requires organisations covered by the Australian Privacy Act 1988 (Privacy Act) to notify any individuals likely to be at risk of serious harm from a data breach. The act is administered by The Office of the Australian Information Commissioner (OAIC) which is an independent statutory agency within the Attorney General’s portfolio.

The impacts of the new act are immense. Those that fail to notify face penalties including fines of $360,000 for individuals and $1.8 million for organisations.

The NDB scheme requires organisations covered by the Australian Privacy Act 1988 (Privacy Act) to notify any individuals likely to be at risk of serious harm by a data breach. This notice must include recommendations about the steps that individuals should take in response to the data breach. The Office of the Australian Information Commissioner must also be notified. A Notifiable Data Breach is a data breach that is likely to result in serious harm to any of the individuals to whom the information relates. A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure. Such information includes personal details, credit reporting information, credit eligibility information, and tax file number information. Examples of a data breach include when:

  • a device containing customers’ personal information is lost or stolen.
  • a database containing personal information is hacked.
  • personal information is mistakenly provided to the wrong person.

Where an organisation becomes aware that there are reasonable grounds to believe an eligible data breach has occurred, they are obligated to notify individuals at risk of serious harm and the Australian Information Commissioner as soon as practicable. This notification must set out:

  • the identity and contact details of the organisation.
  • a description of the data breach.
  • the kinds of information concerned and;
  • recommendations about the steps individuals should take in response to the data breach.

Agilient’s Advice on how to prepare for the Notifiable Data Breaches Act organisations is outlined below:

  • Have a threat and risk assessment in place of all information technology systems.
  • Have a privacy impact assessment completed for all information technology systems.
  • Have an information security management system in place such as one compliant to ISO/IEC 27000 series (Information security management systems family of standards).
  • Have your information security management systems audited and tested.
  • Implement the Australian Signals Directorate (ASD) prioritised mitigation strategies developed to help technical cyber security professionals mitigate cyber security incidents.
  • Have your reporting policy and procedures ready to go when the new act comes into effect.

If you require any assistance in getting your systems ready for the Notifiable Data Breaches Act contact Agilient today.

The Agilient Team

Tweet
Share

Security News

Looking for a security partner? Get in touch with Agilient.

Looking for practical and cost-effective security and risk solutions for your government department, agency or company? Speak with Australia’s leading senior security, risk and resilience experts.


Looking for a pandemic planning partner? Get in touch with Agilient.

Looking for practical and cost-effective risk management solutions for your government department, agency or company? Speak with Australia’s leading senior risk and emergency management experts.



Footer

Agilient is a proud member of

Ai Group Defence Council
Australian Industry & Defence Network
Australian Security Industry Association
Sydney Aerospace & Defence Interest Group

Company and Licensing Details:

ABN: 37 157 911 441
NSW Security Master Licence # 410783087
ACT Security Master Licence # 17502184
Vic Security Registration # 878-460-40S
Qld Security Firm Licence # 3834422

Join The Tribe

Sign up to receive our regular Agilient newsletter including the latest security, risk and resilience updates

Sign up now

Copyright © 2022 Agilient – Level 14, 275 Alfred St, North Sydney NSW 2060 Australia – 1300 341 692