In February 2018, the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Privacy Act) came into effect. It applies to everyone covered by the Privacy Act (generally organisations with a turnover of $3m or more).
While it may seem a very dry topic, ignorance is no excuse, and the penalties for not complying can be significant.
The changes establish requirements for entities responding to data breaches. Entities have data breach notification obligations when a data breach is likely to result in serious harm to any individuals whose personal information is involved in the breach.
A data breach could be, for example, as serious as someone hacking into your server, email system or cloud storage system, or as simple as leaving a USB drive on a bus. The Australian Signals Directorate recommends these top 4 steps to secure your system:
• Application whitelisting
• Patching applications
• Patching operating systems and using the latest versions
• Restricting administrative privileges
There is a lot of detailed guidance available that is well worth reading: