Are you set up to manage the Notifiable Data Breaches Scheme?
What is the Notifiable Data Breaches (NDB) Scheme?
The NDB scheme is new legislation that requires businesses to notify the Australian Information Commissioner, and any affected individuals, of any data breach within the business that is likely to result in ‘serious harm’.
Serious harm can be psychological, emotional, physical, reputational or any other forms of harm. The scheme provides affected individuals with an opportunity to take steps to protect their personal information following a breach.
What is an eligible breach under the NDB scheme?
An eligible data breach occurs when three criteria are met:
1. There is unauthorised access to, or unauthorised disclosure of, personal information, or a loss of personal information that an entity holds
2. This is likely to result in serious harm to one or more individuals, and
3. The entity has not been able to prevent the likely risk of serious harm with remedial action.
How do you work towards preventing serious harm through breaches?
• Intrusion Detection and Prevention: Implement software that continually watches for attempted unauthorised intrusions, blocks them automatically and alerts you when they are detected.
• Implement anti-virus and anti-phishing solutions that have entire teams devoted to watching your devices.
• Prevent access to questionable websites with content and web-search filtering. Customise lists of sites to prevent these from being accessed by users within a network or VPN.
• Use advanced malware protection to stop harmful spyware, adware and ransomware from being downloaded onto your network and devices.
• Protect against unauthorised access to Office 365 with Multi-factor Authentication, i.e. staff receive a message on their mobile when they sign in to their Office 365 account from a different location or PC.
• Prevent staff from opening malicious links, attachments and files with solutions that protect your business from these threats. Receive a report on blocked links, understand their source and become proactive about what to avoid on the web.
• Secure your files, emails and associated content with a ‘Rights and Information Management’ solution that has custom policies to encrypt your data and sets document access and function levels.
Not sure if the NDB relates to your business?
The NDB scheme applies to any organisation that the Privacy Act 1988 requires to take steps to secure certain categories of personal information. This includes:
• Australian Government agencies
• All businesses and not-for-profit organisations with an annual turnover of $3 million or more
• All private sector health service providers
• Those that trade in personal information
• Some TFN recipients
• Those that hold personal information in relation to certain activities.
However, even if your business does not have an annual turnover of $3 million, it is important to protect your customers’ data from any vulnerabilities within your systems. We recommend all businesses undergo a security assessment to identify any gaps or potential risks.
To coordinate a free security assessment or for any questions, contact Nettko on 1300 NETTKO (1300 638 856). For more information on the NDB Scheme, visit the Office of the Australian Information Commissioner website at www.oaic.gov.au.