What is the Notifiable Data Breaches scheme?

The passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017 established a Notifiable Data Breaches (NDB) scheme in Australia.

The NDB scheme requires organisations covered by the Australian Privacy Act 1988 (Privacy Act) to notify any individuals likely to be at risk of serious harm by a data breach. Organisations will need to be prepared to conduct quick assessments of suspected data breaches to determine if they are likely to result in serious harm.

Notice of breaches must include recommendations to individuals about the steps that individuals should take in response to the data breach. The Australian Information Commissioner (Commissioner) must also be notified.

The changes come into effect from February 2018.  More information and about the NDB scheme and resources to assist organisations prepare for the change can be found on the Office of the Australian Information Commission’s website.