Businesses and Organisations may now have requirements under the NDB laws

From February 22nd 2018, the Notifiable Data Breaches (NDB) scheme applies to organisations and agencies regulated by the Privacy Act 1988.

This will include businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting agencies and health service providers.

State government organisations, local councils and businesses with a turnover of less than $3 million a year will not be considered eligible and won’t have obligations under the new law.

—-

What is an eligible data breach?
An eligible data breach occurs if there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity, and the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.

Individuals will have to be notified if:
The entity has reasonable grounds to believe that an eligible data breach has happened.

It is directed to do so by the Commissioner.