Notifiable Data Breaches Scheme – Quick Facts & Answers

Australia’s Notifiable Data Breaches (NDB) Scheme came into effect recently, in February 2018.

Cyber security is now more important to Australian businesses than ever, and IT leaders can expect questions and concerns from key stakeholders about what the new laws mean for their organisation.

Here are some easy-to-understand answers to the most common questions, or simply download our NDB Fact Sheet.

Who does the new Notifiable Data Breaches Scheme affect?

Australia’s Data Notification Law came into effect on February 22, 2018. It applies to businesses governed by the Privacy Act 1988, including any with an annual turnover of $3 million, and businesses that collect and store sensitive user information such as payment or personal data. If a data breach is likely to result in “serious harm” to individuals, whether to their reputation, finances, or safety, you are required to notify the relevant parties. Failure to do so can incur fines of up to $1.8 million.

How big is the impact?

According to the 2017 Cost of Data Breach Global Study by the Ponemon Institute, 1 in 4 organisations with top cyber security defences still experience data breaches, and 90% of a cyber attack’s bottom-line impact is felt up to two years after the attack. It is important to recognise that a data breach is not a question of “if” but of “when”. The new data breach laws add hefty fines and heightened public scrutiny on top of the many other consequences of a breach, including loss of sales and contracts, compromised IP, and legal action. Customers and shareholders will hold business leaders responsible for non-compliance with these laws.

What do we do when a breach is detected?

Verified breaches must be reported to the Australian Information Commissioner and to all affected individuals, along with a description of the breach, the nature of any compromised information, and recommendations to individuals on what they should do next. The law gives organisations only 30 days to investigate any suspected breach, or plug any possible data loss, before notification is required.

How can you protect your business against breaches?

Monitor your networks. According to the Cost of Data Breach Global Study, it takes an average of six months to discover a data breach. A robust monitoring system is critical not only to help you and your team identify and stop threats more consistently, but also to make compliance with data breach notification laws much simpler: the more visibility you have into your data and networks, the easier it is to give accurate details to regulators and the public if a breach occurs.

Download our NDB Fact Sheet for quick sharing with your business leaders and colleagues.

Have concerns or want to learn more about the NDB Scheme? Contact Interlinked today.