April 23, 2018
A Look at the Notifiable Data Breaches Act
Data breaches are accelerating and can be disastrously damaging for both an organisation and its customers. According to research by Accenture, the global average number of security breaches each year is 130, a figure that has increased annually by 27.4 percent.
For a business, data breaches can be detrimental to its brand, which will mean a loss of revenue and ultimately a loss of customer trust. For example, look at the knock-on effect on credit markets around the world of the breach at consumer credit reporting agency Equifax, in which 143 million of its personally identifiable customer records were stolen.
To ensure the protection of consumers and encourage greater transparency among Australian organisations in the event of a data breach, the country’s first data breach notification law – dubbed the Notifiable Data Breach (NDB) scheme – came into effect on February 22, 2018.
Under the new law, officially known as the Privacy Amendment (Notifiable Data Breaches) Act 2017, any government agency, organisation or business with an annual turnover of $3 million or more in Australia that is covered by the Australian Privacy Act (1998) is obligated to notify individuals whose personal information is involved in a data breach, as soon as practicable after becoming aware of a breach.