Australian Data Breach Notifications
Who are you going to call when you have an “Eligible Data Breach”?
If you’re thinking the whole world has gone data breach mad you may be right. The Notifiable Data Breach legislation mandates that from tomorrow (23 February 2018), if you know of a data breach or you suspect your company’s private data has been compromised, you are obligated to report it to the Office of the Australian Information Commissioner (OAIC).
Government agencies and corporations should now take steps to ensure that their IT Security processes and procedures will enable them to comply with these new regulations.
What does it all mean?
The mandatory data breach notification scheme being introduced will require organisations to promptly notify the Office of the Australian Information Commissioner (OAIC) and any potentially affected individuals of an ‘eligible’ data breach.
Once an agency believes its system has been breached, i.e. there has been unauthorised disclosure of personal information about one or more individuals, or information has been misplaced and could be compromised, it must be prepared and have in place a detailed policy and action plan that spells out the processes to be followed in the event of a serious breach, regardless of whether the personal information was accidentally lost or taken in an orchestrated attack by hackers.
What needs to be done?
Companies need to get ready now, so they should consider auditing their current IT environment and processes. Off the back of an audit, a data breach action plan should be prepared and made available to all relevant staff. This Response Plan (or update to a current plan) should enable a company to respond quickly and effectively to an actual or suspected data breach.
The OAIC currently operates a voluntary data breach notification scheme and has published various resources to assist organisations with their handling of data breaches. This guidance will assist in ensuring that companies comply with the new regulations, and it is expected that the OAIC will release further information to assist with compliance in the following months.