The Privacy Amendment (Notifiable Data Breaches) Act 2017 has been enacted by the Australian government to amend the Privacy Act 1988, the original law regulating the handling of individuals’ personal information. The act expands upon the scope of personal data privacy for Australian residents and applies fully as of 22 February 2018.
The Notifiable Data Breaches (NDB) scheme introduces an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in harm to them. The notification must include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner must also be notified of eligible data breaches. Agencies and organisations are required by the Privacy Act 1988 and its 2017 amendment to take steps to secure certain categories of personal information that can easily identify an individual. The entities covered include Australian Government agencies, business and non-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and TFN recipients, among others.
As a globally active organization, Therefore Corporation welcomes the new regulation as a step in the right direction towards strengthening personal privacy rights.
How Therefore™ Can Help
The Privacy Amendment (Notifiable Data Breaches) Act 2017 requires significant effort and investment in data security and protection by any affected entity. By relying on the concepts of Privacy by Design and Privacy by Default, Therefore™ offers an ideal solution towards compliance.
Therefore Corporation strives to help you achieve compliance by offering an information management solution that allows you to store, find, and catalog the personal data retained by your organisation and create a more secure data environment. Furthermore, Therefore™ offers resources that simplify the monitoring and management of the personal data you retain within the system, and provides tools to help you meet the regulation’s reporting and assessment requirements.
However, based on the broad scope and nature of the Privacy Act and the NDB scheme, it is important to recognize that compliance goes beyond software. Compliance is the result of a combination of sound data protection policies, procedures, training, and reporting. Therefore™ can help your organisation achieve these results, and thus compliance, by providing tools which make it easier for you to discover, manage, secure, and report on the personal data your organisation retains.
A correctly configured, maintained, and administered Therefore™ system helps you to securely handle personal information and provide more protection against data breaches when combined with proper organizational procedures, training, and operations.