From Thursday 22 February 2018 the Notifiable Data Breaches (NDB) Scheme comes into effect nationwide. Failure to notify the Office of the Australian Information Commissioner (OAIC), and the individuals affected, of an ‘Eligible Data Breach’ can result in substantial fines, with civil penalties of up to $340,000 for individuals and up to $1.7 million for businesses.
The scheme applies to Australian Government agencies, and to businesses and not-for-profit organisations with an annual turnover of more than $3 million. Please note that the turnover threshold does not apply to any entity that provides health services: a health service provider is covered by the scheme regardless of its turnover and must report an eligible data breach.
Data breaches can occur in a number of ways. Some examples include:
- Lost or stolen laptops, removable storage devices, or paper records containing personal information
- Hard disk drives and other digital storage media (integrated in other devices, for example, multifunction printers, or otherwise) being disposed of or returned to equipment lessors without the contents first being erased
- Databases containing personal information being ‘hacked’ into or otherwise illegally accessed by individuals outside of the agency or organisation
- Employees accessing or disclosing personal information outside the requirements or authorisation of their employment
- Paper records stolen from recycling or garbage bins
- An agency or organisation mistakenly providing personal information to the wrong person, for example by sending details out to the wrong address, and
- An individual deceiving an agency or organisation into improperly releasing the personal information of another person.
Insurance House have prepared a whitepaper to help you understand how to prepare your business for, and respond to, an ‘Eligible Data Breach’.
Insurance House can also assist you in designing a business insurance program to better manage your business’s exposure to potential data breaches.