If your organisation collects personal information and is meant to keep that information private, you need to be aware of new laws that dictate what you will need to do if there is a data breach.
The new laws are due to commence on 22 February 2018, so there is not a lot of time to prepare for them.
Who will be affected by these changes?
An organisation that:
- has an annual turnover of more than $3,000,000;
- provides a health service (regardless of its turnover);
- discloses personal information about another individual to anyone else for a benefit, service or advantage;
- provides a benefit, service or advantage to collect personal information about another individual from anyone else;
- is a contracted service provider for a Commonwealth contract (whether or not they are a party to the contract); or
- is a credit reporting body.
What is a data breach?
A data breach occurs when personal information held by the organisation is lost or is the subject of unauthorised access or disclosure. It is not limited to being hacked.
If there is a real risk of serious harm as a result of a data breach, the affected individual and the Office of the Australian Information Commissioner will need to be notified.
This publication has been carefully prepared, but it has been written in general terms and should be viewed as broad guidance only. It does not purport to be comprehensive or to render advice. No one should rely on the information contained in this publication without first obtaining professional advice relevant to their own specific situation.