As an update to the Privacy Act 1988, Australia’s Notifiable Data Breaches scheme (NDB) has officially come into force as of 22 February, 2018. This new provision mandates Australian government agencies and other enterprises securing personal information must notify the Office of the Australian Information Commissioner (OAIC) of data breaches expected to result in harm.
NDB applies to businesses, government agencies, and organizations already covered by the Privacy Act, and it has strong public support. According to the Australian Community Attitudes to Privacy Survey 2017, 93% of Australians do not trust their data being sent overseas, and they overwhelmingly think they should be informed if their data is lost.
“With such strong nationwide support for mandatory data breach reporting, Australia is taking security incident response seriously with the new mandate,” said Tho Yeong Chien, Resolve Systems’ VP of APAC. “There is a certain level of perceived risk with online services and people don’t trust their data is protected. The new scheme just reaffirms security incident response’s importance. Responding to a data breach in the most accelerated way will continue to instill consumer confidence.”
A data breach that triggers this reporting obligation is one in which personal information held by an organization is lost or subjected to unauthorized access or disclosure. This includes cases where personal information is hacked or mistakenly given to the wrong individual.
When assessing a suspected data breach, consider three things:
“By reinforcing accountability for personal information protection, the NDB scheme supports greater consumer and community trust in data management. This trust is key to realizing the potential of data to benefit the community, for example, by informing better policy-making and the development of products and services,” said Timothy Pilgrim, Australia’s Information Commissioner.
Identify eligible data breaches – and reduce the false alerts from your SIEM – by applying the following criteria:
There are further exclusions from the NDB scheme. Read more about the exceptions, including notifications already covered by the My Health Records Act 2012, on the OAIC website.
Given that a statement to the Commissioner is mandatory when a notifiable breach occurs, and that an established form for it already exists, what can security operations teams do?
Enterprises looking to protect personal information – especially in regulated industries where consumer confidence is low, such as insurance, banking, and finance – will need not only to be alerted to a security incident, but to prioritize real alerts by validating and responding to them promptly. When 69% of Australians express concern about cybersecurity and privacy, instill confidence with an enterprise-wide automation and orchestration platform that responds to threats as quickly as possible.
“Generally, entities have 30 calendar days to conduct this assessment. However, entities should treat this as a maximum time limit and endeavor to complete the assessment in a much shorter timeframe so that any risks of serious harm to individuals are addressed as quickly as possible,” reaffirmed Timothy Pilgrim in an interview with MinterEllison.
Resolve’s security orchestration and automation platform is the global leader to accelerate security incident response to contain a breach and execute response across the entire enterprise.
Ready to learn more about achieving resolution by responding to security incidents? Read the white paper now.