Notifiable Data Breach Scheme Resources

The Office of the Australian Information Commissioner (OAIC) recently published new draft resources to assist organisations to prepare for the Notifiable Data Breaches Scheme, which is scheduled to commence on 22 February 2018. Consultation on the draft resources is open until 23 October 2018.


The OAIC considers that a data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure. It offers the following examples to illustrate this:

  • a device containing customers’ personal information is lost or stolen
  • a database containing personal information is hacked
  • personal information is mistakenly provided to the wrong person.

Even if your not-for-profit organisation does not wish to provide feedback on these drafts, you may find it helpful to review these resources with a view to updating your risk register and data governance policy before the new requirements take effect early next year.

If you have not yet considered cyber-risk insurance, it would also be timely to talk to your insurance broker about obtaining suitable cover for this growing area of risk.
