2018 is proving to be the year that data protection regulations around the world are tightened. Europe and the UK will see the General Data Protection Regulation (GDPR) come into force from May 2018, triggering the biggest changes in over 20 years to how businesses in the region store and manage personal data. Here in Australia, similar regulatory action is on the rise. From February 2018, many Australian businesses will need to comply with the new national Notifiable Data Breaches scheme. Here is what you need to know.
What is the Notifiable Data Breach Scheme?
The Notifiable Data Breaches (NDB) scheme is part of the Privacy Amendment (Notifiable Data Breaches) Act 2017. It introduces a new requirement for organizations to notify both the Office of the Australian Information Commissioner (OAIC) and the individuals whose personal information is part of a data breach ‘likely to result in serious harm’. The notification must include recommended steps for the individual to take in response to the breach.
Personal information, as defined by the Privacy Act, can include an individual’s name and address, medical records, bank account details, photos, videos, employment or even likes and dislikes. Any organization in Australia that possesses this type of information is required to protect it from ‘misuse, interference, and loss, as well as unauthorized access, modification or disclosure’.
Who does the Notifiable Data Breach Scheme apply to?
The NDB scheme applies to any agency or organization that is required to ‘secure certain categories of personal information’ under the Privacy Act 1988. This includes Australian Government agencies, businesses and not-for-profit organizations with an annual turnover of AUD$3 million or more, credit reporting bodies, health service providers, and TFN recipients.
How to prevent data breaches in the first place
Australian organizations are advised to adopt ‘Privacy by Design’ so they are better equipped to comply with the Privacy Act and, through that, the NDB scheme. Privacy by Design involves managing personal information in a transparent way and taking reasonable steps to implement procedures and systems to ensure compliance.
One of the most common ways information is leaked is via email. Sending an email to the wrong person, or with the wrong files attached, is easily done. Fortunately, there is a way to prevent it. cleanDocs is our solution, specially designed as a two-pronged defense against accidental data breaches over email. It integrates directly with Microsoft Outlook and asks the user to check and confirm that the email recipients and attachments are as intended. It can also clean files of hidden, embedded metadata so the user can be confident they are only sending the information that would be printed out on a page.
cleanDocs is the only solution available offering both metadata cleaning and email recipient checking in one Outlook add-in. It is an essential compliance tool for the NDB scheme and any global regulation that is designed to better protect personal information from data breaches. Working to prevent data breaches protects your organization from financial and professional damage while also ensuring more efficient workflows. Act now to achieve Privacy by Design in your business and be confident 2018 will be free from fines and penalties for non-compliance.
About the author
Azan drives and manages sales in Australia, New Zealand, and Asia. He brings with him over 15 years' experience in the IT industry including many years as a software engineer and developer. Azan holds a degree in Computer Science from the Victoria University of Wellington.