Mandatory Data Breach Reporting and Planning

AU Energy Compliance, NT Energy Compliance
Failing to plan is planning to fail when it comes to data security and breach responses. In this post, we examine the regulatory obligations of entities under the notifiable data breach (NDB) scheme. Specifically, we examine when reporting is mandatory and what the features of a broader effective response plan are.

When is reporting mandatory?

The NDB scheme is found in Part IIIC of the Privacy Act and requires certain businesses to notify affected individuals and the Privacy Commissioner of certain data breaches. The reporting obligation kicks in where there is an ‘eligible data breach,’ which is a data breach where: there is unauthorised access to or disclosure of personal information held by an entity (or information is lost in circumstances where unauthorised access or disclosure is likely to occur);…

Is your business prepared for the rollout of the Notifiable Data Breaches Scheme?

This is our second post on the Notifiable Data Breaches Scheme. Amendments made to the Privacy Act 1988 (Cth) this year create new obligations for certain Australian business entities and organisations with respect to data breach notifications. The changes will come into effect on 22 February 2018.

Will my business be affected by the Scheme?

Only government agencies, companies, businesses and organisations that are ‘APP entities’, which already have obligations with respect to personal information under the Privacy Act, will be affected by the Scheme. Generally speaking, this includes federal government agencies, private sector and not-for-profit organisations that have an annual turnover in excess of $3 million, as well as certain businesses with an annual turnover of less than $3 million (small businesses) that handle personal information. If you…

What will the new EU Privacy Laws mean for your business?

As of 25 May 2018, the European Union General Data Protection Regulation (GDPR) will implement a new extra-territorial data protection regime, which will impact Australian entities that handle personal data of EU residents. Thankfully, some of the provisions of the GDPR mirror those of the Australian Privacy Act 1988, with which Australian entities are hopefully already familiar. However, there are numerous substantive differences and unique requirements that go beyond the Australian position. It is therefore important for organisations with operations in the EU to determine whether or not the GDPR applies to them and to ensure their personal data handling practices are brought into compliance before next year’s deadline.

Does my business need to comply with the new EU regulations?

You will need to comply with the GDPR requirements if…