Mandatory Data Breach Reporting (Australia)

An entity that is required to comply with the Privacy Act 1988 must take reasonable steps to protect the personal information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure.  This extends to situations where an entity engages a third party to store, maintain or process personal information on its behalf.
New provisions will take effect on 22 February 2018.

In February 2017, the Australian Commonwealth government passed the Privacy Amendment (Notifiable Data Breaches) Bill 2016, which will amend the Privacy Act, making it mandatory for companies and organisations to report “eligible data breaches” to the Office of the Australian Information Commissioner (OAIC) and to any affected, at-risk individuals.

Does the Privacy Act apply to my organisation?
Australian Government agencies and all businesses and not-for-profit organisations with an annual turnover of more than $3 million have responsibilities under the Privacy Act, subject to some exceptions.

Some small business operators (organisations with a turnover of $3 million or less) are covered by the Privacy Act, including:
- private sector health service providers. Organisations providing a health service include:
  - traditional health service providers, such as private hospitals, day surgeries, medical practitioners, pharmacists and allied health professionals
  - complementary therapists, such as naturopaths and chiropractors
  - gyms and weight loss clinics
  - child care centres, private schools and private tertiary educational institutions
- businesses that sell or purchase personal information
- credit reporting bodies.

More information about responsibilities under the Privacy Act can be found here.

What are reasonable steps?
The reasonable steps entities should take to ensure the security of personal information will depend on the circumstances, including the following:
- the nature of the entity holding the personal information
- the amount and sensitivity of the personal information held
- the possible adverse consequences for an individual
- the information handling practices of the entity holding the information
- the practicability of implementing the security measure, including the time and cost involved
- whether a security measure is itself privacy invasive.

Guidance from the OAIC on what “reasonable steps” are may be found here.

Reasonable steps would include:
- Performing or conducting Privacy Impact Assessments (PIA)
- Implementing Privacy by design principles
- Performing information security risk assessments
- Creating and maintaining a Privacy Policy
- Having a comprehensive and up to date set of information security policies
- Restricting physical and logical access to personal information on a “need-to-know” basis
- Keeping your software up to date and current
- Employing multi factor authentication
- Configuring your systems for security
- Employing end point security software
- Security monitoring tools to detect breaches
- Using network security tools
- Penetration testing exercises
- Vulnerability assessments
- Having a data breach response process
Contact us for more information.
