Mandatory Data Breach Notification laws are coming…are you ready?

Data Breaches, Data Security

Australian Mandatory Data Breach Notification

22/02/2018

The Mandatory Data Breach notification scheme in Australia has come into effect today. The new scheme will strengthen the protections afforded to everyone’s personal information and will improve transparency in the way that the public and private sectors respond to serious data breaches.

This legislation puts data first: companies will be able to prioritise their existing information security programs of work around what is considered Personally Identifiable Information (PII).

Who do the changes apply to?

The changes apply to Commonwealth Government agencies and private sector organisations that are currently subject to the Australian Privacy Principles under the Privacy Act.

This includes private sector organisations, including not-for-profits, with annual (group) turnover of more than $3 million. It also includes small businesses earning $3 million or less where they are health service providers, trade in personal information, provide services as contractors under a Commonwealth contract, or are credit reporting bodies, amongst others.

Entities already exempt from the operation of the Australian Privacy Principles remain exempt from the changes.        

For example, the changes apply to private schools or companies with a turnover of more than $3 million per year, but not to local councils or state government agencies.

What are the fines that an entity might face if it is subject to an eligible data breach?

Where an entity experiences an eligible data breach, the occurrence of that data breach in and of itself is unlikely to result in the entity facing penalties. Rather, a failure to report an eligible data breach will be considered an interference with the privacy of an individual affected by the eligible data breach. Under the Privacy Act, this means that a failure to notify affected individuals of an eligible data breach could be the subject of a complaint to the Privacy Commissioner.

Serious or repeated interferences with the privacy of an individual can give rise to civil penalties of up to $2.1 million. (We note that company directors or management will not be personally liable for such serious or repeated interferences.) The biggest impact is expected to be reputational: a company's ability to acquire new customers and retain its current customer base suffers when customers lose trust in its ability to protect their information assets.

Are there any new rules relating to the security of personal data introduced by the changes?

There are no new requirements regarding the security of personal data. Instead, the changes primarily supplement Australian Privacy Principle 11, which requires entities that hold personal information to take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure.

How can Ground Labs help?

Ground Labs has developed and commercialised software that searches for all sensitive information within the network, identifying every personal information data type and allowing the organisation to gain complete control over its information assets. The solution not only identifies inappropriately stored sensitive information but also allows the company to remediate it, and gives the management team the data it needs to make data-driven decisions about how to manage the organisation's information assets.

Enterprise Recon is a globally recognised technology that assists with the implementation and maintenance of major cybersecurity standards and regulations in Australia and around the world, such as PCI DSS, the Australian Privacy Principles, HIPAA, the NIST Cybersecurity Framework, IRAP, VPDSS and GDPR.

Author: Marketing Ground Labs (marketing@groundlabs.com)

We are a sensitive data discovery company with operations globally. Our software helps companies of all sizes discover, remediate and monitor sensitive personal data across on-premises storage and in the cloud to meet global data compliance standards such as PCI DSS and GDPR.


Copyright © 2018 Ground Labs Pte Ltd – All rights reserved
