{"id":14012,"date":"2018-04-13T07:25:55","date_gmt":"2018-04-12T19:55:55","guid":{"rendered":"http:\/\/quantiphy.com.au\/oldbackup\/notifiable-data-breaches-scheme-2\/"},"modified":"2025-03-10T13:33:28","modified_gmt":"2025-03-10T02:03:28","slug":"notifiable-data-breaches-scheme-2","status":"publish","type":"post","link":"https:\/\/quantiphy.com.au\/oldbackup\/notifiable-data-breaches-scheme-2\/","title":{"rendered":"Notifiable Data Breaches Scheme"},"content":{"rendered":"

At Quantum Partners we consider the protection of your client data and your personal information, including your TFN as a paramount responsibility.<\/span><\/p>\n

We constantly monitor our computer and internal systems and our electronic communication with you to minimise any chances or your data being exposed either deliberately by an outsider or accidentally by us.<\/span><\/p>\n

Recent legislation which applies to us and adds additional compliance obligations, response requirements and hefty penalties in the event of your data being compromised and not adequately dealt with has led us to conduct another full review.<\/span><\/p>\n

However these new compliance measures may also apply to your business and we encourage you to familiarise yourself with the Notifiable Data Breaches (NDB) scheme, especially those businesses with turnover above $3 million annually and\/or have existing obligations under the Privacy Act 1988 (Act), including the Australian Privacy Principles (APPs) to protect personal information.<\/span><\/p>\n

 <\/p>\n

What is the NDB scheme?<\/b><\/h2>\n

The NDB scheme applies to all agencies and organisations with existing personal information security obligations under the Australian <\/span>Privacy Act 1988<\/i><\/b><\/a> (Privacy Act) from 22 February 2018.<\/span><\/p>\n

The NDB scheme introduced an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. This notification must include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner (Commissioner) must also be notified of eligible data breaches.<\/span><\/p>\n

Agencies and organisations can lodge their statement about an eligible data breach to the Commissioner through the <\/span>Notifiable Data Breach statement \u2014 Form<\/b><\/a>.<\/span><\/p>\n

 <\/p>\n

Agencies and organisations must be prepared to conduct a quick assessment of a suspected data breach to determine whether it is likely to result in serious harm, and as a result require notification.<\/span><\/p>\n

Who must comply with the NDB scheme<\/b><\/h2>\n

The NDB scheme applies to agencies and organisations that the Privacy Act requires to take steps to secure certain categories of personal information. This includes Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and TFN recipients, among others.<\/span><\/p>\n

Which data breaches require notification<\/b><\/h2>\n

The NDB scheme only applies to data breaches involving personal information that are likely to result in serious harm to any individual affected. These are referred to as \u2018eligible data breaches\u2019. There are a few exceptions which may mean notification is not required for certain eligible data breaches.<\/span><\/p>\n

Assessing suspected data breaches<\/b><\/h2>\n

Agencies and organisations that suspect an eligible data breach may have occurred must undertake a reasonable and expeditious assessment to determine if the data breach is likely to result in serious harm to any individual affected.<\/span><\/p>\n

How to notify<\/b><\/h2>\n

When an agency or organisation is aware of reasonable grounds to believe an eligible data breach has occurred, they are obligated to promptly notify individuals at likely risk of serious harm. The Commissioner must also be notified as soon as practicable through a statement about the eligible data breach.<\/span><\/p>\n

The notification to affected individuals and the Commissioner must include the following information:<\/span><\/p>\n