From 22 February 2018, all businesses that are subject to the Privacy Act will also need to comply with the Australian Government's mandatory Notifiable Data Breaches (NDB) scheme.

What is the NDB scheme?

The scheme requires you to notify the Office of the Australian Information Commissioner (OAIC) and the affected individuals if you experience a data breach that is likely to result in serious harm to any of those individuals. Serious harm can include financial loss, physical or psychological harm, emotional distress and reputational damage. If you only suspect a breach, you must assess it promptly (the Act allows up to 30 days), and notification is not required where you act quickly enough that serious harm is no longer likely.


Who has to comply?

The NDB scheme applies to (but is not limited to) the following:

  • Australian Government agencies
  • Businesses and not-for-profit organisations that have an annual turnover of more than $3 million
  • Private sector health service providers
  • Credit reporting bodies
  • Credit providers
  • Entities that trade in personal information
  • Tax file number (TFN) recipients

The following are also covered, even if their turnover falls below the $3 million threshold, because they handle health information or trade in personal information:

  • Private hospitals
  • Day surgeries
  • Medical practitioners
  • Pharmacists and allied health professionals
  • Complementary therapists, such as naturopaths and chiropractors
  • Gyms and weight loss clinics
  • Child care centres
  • Private schools and private tertiary educational institutions
  • Businesses that sell or purchase personal information

For further details, see the OAIC's guidance on the scheme.

Of course, it’s not just about compliance for its own sake. By demonstrating to your customers that you’ve got strong measures in place to protect their privacy, you can strengthen existing relationships and attract new customers.

What qualifies as a notifiable data breach?

A data breach occurs when personal information is accessed or disclosed without authorisation, or is lost in circumstances where unauthorised access or disclosure is likely to occur. The breach becomes notifiable when a reasonable person would conclude it is likely to result in serious harm to any of the individuals concerned.

The scheme covers personal information only. It doesn't apply to commercial secrets, intellectual property, or business-to-business transactions that involve no personal information; it exists strictly to protect individuals.

What do we need to do to comply?

You may already have all the right measures in place to comply with the NDB scheme. Beyond security controls, you also need a way to detect and assess a suspected breach quickly and a response plan for notifying the OAIC and affected individuals. Remember, prevention is better than cure, so it's important to focus your efforts on securing your systems so the risk of a breach is minimised.

To find out whether you’re ready for the mandatory NDB scheme, contact us today for an obligation-free privacy audit.

The Aleron privacy audit

We'll check all your systems against the 13 Australian Privacy Principles (APPs) to identify any gaps.

We provide a comprehensive audit across all systems that collect and store personally identifiable information to measure their alignment with the privacy principles. We use CyRisk, Aleron’s risk assessment platform, to highlight high-risk systems that require action.

For each system we measure the sensitivity of the personal information it holds and the size of the security gap, so that the highest-risk combinations stand out.

We then recommend any additional action you may need to take to strengthen your security or improve your processes.

This process helps you focus your resources on fixing the areas of most concern. Because findings are organised by control rather than by individual system, you can address a gap once, at the policy or process level, and apply the fix across all the affected systems. This efficient approach helps you plug gaps faster and more effectively.

Don't get caught short when the NDB scheme comes into effect.

Get a privacy audit of your systems today so you can be confident that your company complies.