Changes to mandatory notifiable data breach (NDB) regulations and notifications in Australia from 22nd February 2018, and what to do

The Australian Government is implementing a new data security and privacy initiative in Australia from 22nd Feb 2018.
An Australian business that has been breached or has lost data must report the incident to the Privacy Commissioner and notify its clients.

What does this mean for your business?
This bill applies to organisations that have responsibilities under the Privacy Act.
This includes:

  • Australian Government agencies, and
  • Businesses and not-for-profit organisations with an annual turnover of more than $3 million.

The Privacy Act also applies to certain types of businesses with an annual turnover of $3 million or less. These businesses include:

  • Private sector health service providers (alternative medicine practices, gyms, and weight loss clinics fall into this category),
  • Child care centres, private schools, and private tertiary educational institutions,
  • Businesses that trade personal information,
  • Credit reporting bodies, and
  • Individuals who handle personal information under the mandatory retention scheme.

Source: Commonwealth of Australia Explanatory Memorandum  

What can I do for my business to protect it?

We recommend a number of things, including but not limited to:

  • Good virus and malware protections
  • Staff training – very important
  • Automated onsite and offsite backups
  • Strong passwords – min 8 characters in length
  • Good firewalls
  • Anti-spam with URL checking
  • Monitored systems
  • Staff Computer Usage Policies and Agreements

Unfortunately, threats are getting smarter by the day, and most of the worst threats we have seen today could be prevented by doing the above.
It's crucial that it starts with passwords.
Use a good password manager with a long, hard-to-guess password to log in, and then let the password manager create and maintain the rest of your passwords.
Download LastPass from here – free to use, but we recommend the enterprise edition for sharing and groups. (We provide training on this.)
Download the Breach Summary Doc (link from Govt Website)

The direct link to the Government website can be found here for complete information.

If you would like more information, don’t hesitate to contact Sterling IT
