The passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017 established a Notifiable Data Breaches (NDB) scheme in Australia. Commencing from 22 February 2019, the NDB scheme requires organisations covered by the Australian Privacy Act 1988 (the Act) to notify any individuals likely to be at risk of serious harm by a data breach. The notice must include recommendations about the steps individuals should take in response to the data breach, including notifying the Australian Information Commissioner.
To support our members, NADA developed a ‘Data breach response plan’ template for you to customise to suit your organisation’s needs. The template is designed for organisations regulated by the Australian Privacy Act, and encompasses:
setting up a data breach response team
defining and assessing a data breach
determining risk level of data breach
following a four-step process in response to data breaches occurring.