Australian Notifiable Data Breach reporting for all businesses & organisations – are you ready?
With the ever-increasing amount of personal information collected and stored globally for marketing, finance, memberships, and many other purposes, we are seeing unprecedented data growth figures (see here for example). What happens to all this data? Who has access to it, and what happens when it gets into the wrong hands?
In the last few years we have seen more and more severe data breaches in the news, some involving very large organisations, leading to data loss, data theft, identity theft, and ultimately the loss of millions of dollars to cybercrime. A good example of a large recent data breach is Yahoo (again) having its users’ email accounts hacked in 2017. It’s just email, you say? What if you had a Yahoo email account registered with your bank, your Facebook and Twitter accounts, Amazon, eBay, and iTunes? If an attacker gains access to your email account, there’s a good chance they could also gain access to one or more of those services, since password resets for them are sent to that mailbox. This is especially true if you don’t have two-factor authentication enabled on the linked accounts.
On February 22nd 2018, the Australian Government’s new Notifiable Data Breach (NDB) scheme comes into effect. It improves transparency by requiring all businesses and organisations that collect and store personal information to disclose any data breach or data loss incident that may occur. The purpose of the NDB scheme is to afford security and protection to the personal information held by any organisation that collects and stores it.
The NDB scheme should be integrated with your business’s IT security policies, or, in today’s terms, its cyber security strategy. There’s really no excuse in this day and age for any business or organisation not to have such policies and strategies in place. Not having them is a risk to business continuity. Some insurance companies are now declining to renew policies for, or accept as new clients, businesses with more than 25 employees and no proven strategy in place. To them, your business is too high a risk.
If you haven’t yet looked at the NDB scheme and aren’t even sure if your business or organisation qualifies, then see https://www.oaic.gov.au/agencies-and-organisations/faqs-for-agencies-orgs/businesses/small-business
The Australian Government has also put together materials to help you bring your cyber security strategy up to a best practice standard; see https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme#additional-resources for more information.
Drop me a comment or private message if you want more information…