So, you have heard that from 22 February 2018, a new Notifiable Data Breaches Scheme – or NDB Scheme for short – will impose obligations on organisations covered by the Privacy Act and APPs:
"to notify affected customers and the Office of the Australian Information Commissioner (OAIC) when it is aware of, or has reasonable grounds to suspect, an eligible data breach has occurred."
Er… sure, will do (?)… but what exactly does it mean… and more importantly, what exactly are you required to do?
Do you have to notify customers of every single breach? And what are these ‘eligible data breaches’? And what if you aren’t quite sure whether there was actually a data breach, let alone one of these ‘eligible data breaches’? How can you notify? Will a #DataBeenBreached tweet do?
If any of this has left you scratching your head…you are not alone.
That is why ADMA has created (and will continue to create) a range of handy tools and resources to demystify the legalese and to explain what the new laws actually require you to do.
If you have any particular (or additional) questions about the NDB Scheme – get in touch with ADMA’s Legal & Regulatory Manager.
Don’t forget to come back and check for new NDB compliance resources and tools!