Sense of Security is one of Australia’s most trusted providers of cyber resilience, information security and risk management services.


Notifiable data breach scheme

The Notifiable Data Breaches (NDB) scheme applies to all organisations under the Australian Privacy Act 1988 and outlines an obligation to notify individuals affected by a data breach.

What is a data breach?

An eligible data breach arises when the following three criteria are satisfied:

  1. There is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds.
  2. This is likely to result in serious harm to one or more individuals.
  3. The entity has not been able to prevent the likely risk of serious harm with remedial action.

In this context, serious harm to an individual may include serious:

  • Physical harm
  • Psychological harm
  • Emotional harm
  • Financial harm
  • Reputational harm

Once a breach is classified as one of serious harm, an organisation needs to report it not only to the individual or individuals who have been affected but also to the Australian Information Commissioner.

Sense of Security and the NDB

Data breaches can be caused by a variety of factors, involve different types of personal information, and give rise to a range of actual or potential harms to individuals and entities.

Each breach needs to be dealt with on a case-by-case basis, with an understanding of the risks posed by a breach and the actions that would be most effective in reducing or removing these risks.

Essential steps for protection of data:

  1. Classification
  2. Prevention
  3. Encryption
  4. Awareness
  5. Access
  6. Login
  7. Malware
  8. Firewall

Best practices to prevent and respond to a data breach include:

  • Reducing the data that is collected and stored, and the duration for which data is retained. If you don’t need it – don’t collect it!
  • Performing a Privacy Impact Assessment – where the implications of loss of data are assessed in accordance with the measures in place to protect the data.
  • Reviewing relevant contracts with key suppliers to determine how information is to be handled.
  • Educating staff on Data Breach Notification laws.
  • Developing a Data Breach Response plan.
  • Conducting extensive penetration testing to assess all the vectors through which your business may be attacked.
  • Assessing the access controls to all data stores and limiting access on a need-to-know basis.
  • Identifying what data you have, where it is, who has access to it and how it is protected, and then taking actions to improve the controls.

Let Sense of Security expertly implement NDB protection strategies to protect your business better.

Speak to one of our trusted experts on 1300 922 923 or make an enquiry today.