Sign Up

Login/Sign Up

Don’t Get Caught Offside By The New Updates To Data Privacy

The Notifiable Data Breach (NDB) scheme, part of the Australian Privacy Act came in to effect on 22 February 2018.

As we know, the scheme applies to Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and TFN recipients, among others.

The scheme places an obligation on an entity to formally notify Government authorities and individuals affected when a serious breach of data (personal information) occurs in the workplace that is likely to result in serious harm to any individual affected – referred to as ‘eligible data breaches’.

An Quick Snapshot

data breach refers to the unauthorised access to or unauthorised disclosure of personal information (or a loss of personal information). This is covered under The Privacy Act, and businesses must ensure they have a privacy policy that meets these standards. You can read more about what’s covered under a data breach here.

A serious breach, as referred to by OAIC, is any that is ‘likely to result in serious harm to any of the individuals to whom the information relates’. That includes physical, psychological, emotional, financial or reputational harm.

If a serious data breach does occur, a business must:

1. Notify the individuals who it may affect, including recommendations about the steps they can take in response to the breach (and avoid harm), and

2. Notify the Australian Information Commissioner of the breach. You can now do that here.

Both of these must take place within 30 days of the breach occurring.

This means businesses need to ensure their systems, policies, processes are adjusted and training undertaken for key staff in order to ensure compliance and avoid penalties and fines if a data breach event occurs.

Any employer with staff that have access to large amounts of personal information (recruitment sector, for example) need to ensure they are prepared for the new laws and have the right systems in place to ensure it doesn’t affect their business.

Here’s what you need to know about the new NDS scheme and how to stay on top of the changes from today.

How To Protect Your Business

When it comes to privacy, it’s critical that systems are robustly maintained and staff trained correctly. A breach of personal information is one thing, but a team that aren’t aware of the privacy laws and processes such as this one is another.

Some data breaches do innocuously occur due to human error, lack of understanding and appreciation of what constitutes a privacy breach, and education about what to do when a problem arises are all common organisational challenges

Employers need to be aware of the new laws and update their processes accordingly and ensure that all staff are trained to understand the new scheme and how to systematically report a breach.

WorkPro can assist with the base education component.

WorkPro’s Privacy Module

WorkPro offers a Privacy Module as part of our extensive course library. Available as part of any induction/e-learning subscription, the Privacy Module includes a definition of personal information, obligations to protect an individual’s information as a business, a summary of the Australian Privacy Principles (2014), information about collecting, storing, disclosing, accessing, and how to deal with complaints.

Authored by privacy specialist company Service Excellence Consulting, naturally the module now includes an overview of notifiable data breaches.

If you are a WorkPro customer, you have unfettered access to module as part of your induction subscription so we invite you to use the opportunity to provide a privacy refresher and information about the scheme.

If you don’t already use WorkPro, you can try our privacy module yourself for free right here.

Online inductions and privacy training made simple.

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Consent to display content from Youtube
Consent to display content from Vimeo
Google Maps
Consent to display content from Google
Consent to display content from Spotify
Sound Cloud
Consent to display content from Sound