Personal data is collected every day by a wide range of businesses and organisations. This can be beneficial in providing ease of access to information. However, a breach of this data could damage the reputation of an entity and harm individuals.
The Privacy Act 1988 was recently amended to include the Notifiable Data Breaches Scheme. The Office of the Australian Information Commissioner (OAIC) oversees this Scheme. As a result, all entities with existing obligations under the Act must comply with the Scheme. Examples of these entities include:
Those who do not comply may be liable for significant fines of up to $2.1 million.
For an eligible data breach to occur, the following needs to be satisfied:
OR the information is lost in circumstances where:
The term “Serious Harm” is not defined in the Act. The OAIC, however, has noted: “in the context of a data breach, serious harm to an individual may include serious physical, psychological, emotional, financial or reputational harm”.
If an eligible data breach occurs, an entity must:
At Forsyths your privacy is important to us. We have a Privacy Policy that outlines the type of information we request from clients, as well as how we keep this information secure. We have also implemented a Notifiable Data Breach Scheme Policy to ensure the requirements of the Scheme are met. Click here to see the latest version of our Privacy Policy.
If you think your business may need to comply with the Scheme, please visit the OAIC website for more information: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme