Data breach prevention and incident response

If you are a not-for-profit organisation with over $3 million in turnover, then you will doubtless be aware that today marks the first day of the Notifiable Data Breaches (NDB) Scheme.  This means you now have new obligations to notify affected parties and the OAIC in the event of a breach.

The Office of the Australian Information Commissioner (OAIC) has recently published a new guide to assist you in meeting NDB Scheme requirements.  This publication is called Data breach preparation and response – A guide to managing data breaches in accordance with the Privacy Act 1988 (Cth).

More details regarding the NDB Scheme can be found here.

If you are looking for a relatively compact briefing paper for your Board or Audit and Risk Committee, the OAIC has also published its November 2017 NDB webinar slide pack, which distills the key elements of the scheme into about 23 slides (excluding title slides etc.).

Board Briefings and Practical Help

To arrange a Board or committee briefing on how the NDB Scheme affects your compliance obligations and risk management systems, please contact me on 0419 347 599 or by email (

Likewise, if you would like practical assistance in drafting or reviewing your data breach preparation and response plans, please contact me as above.
