Following consultation, the Notifiable Data Breaches (NDB) scheme resources have been finalised. You can view all of the resources on the NDB webpage.
Under the NDB scheme, agencies and organisations regulated by the Australian Privacy Act will be obligated to notify individuals affected by a data breach that is likely to result in serious harm. The Australian Information Commissioner must also be notified.
The NDB resources cover:
which agencies and organisations have obligations under the scheme
how to identify an eligible data breach
exceptions to notification obligations
how to notify affected individuals and the Commissioner
the role of the OAIC in the scheme
The OAIC is currently updating two existing resources, "Data breach notification — A guide to handling personal information security breaches" and "Guide to developing a data breach response plan", to develop a comprehensive guide to data breach management responsibilities and best practice.
The updated guide is expected to be released in early 2018.
If you want to discuss strategies on how your business can manage the NDB requirements, please get in touch.