Checkbox is a multi-award-winning no-code workflow and automation platform that enables experts to automate documents, workflows and assessments using drag and drop.
As personal data breaches become an ever-growing hot topic, governments around the world are implementing legislative measures to give citizens greater transparency over their data. In Australia, the Notifiable Data Breaches (NDB) scheme (which came into force on February 22nd) is one such measure. It requires all organisations with personal data security obligations under the Privacy Act to report a breach if it is likely to cause harm to the person affected.
The NDB scheme applies to all companies with existing personal information security obligations under the Privacy Act. This includes businesses and not-for-profit (NFP) organisations with a yearly turnover of $3m or more. Organisations that fall under this definition include health service providers, government bodies, credit reporting bodies, and TFN recipients.
The scheme only requires “eligible data breaches” to be notified to the persons affected and to the OAIC (Office of the Australian Information Commissioner). An assessment of whether a data breach is likely to cause serious harm must take place within 30 days of the incident.
A notifiable breach occurs if 3 criteria are met:
The OAIC Commissioner, as a regulator, can take regulatory action in response to non-compliance. The OAIC can also impose civil penalties and issue fines of up to 10,000 penalty units or $2.1m. Non-compliant entities may also be sued for damages by those affected.
There are three main ways that a business can prepare for the NDB scheme: