Managing privacy and data is imperative for any business, especially those that collect personal information. Did you know that any entity covered by the Privacy Act must now provide mandatory data breach notifications within 30 days of becoming aware that a data breach has occurred? Furthermore, any business that stores personal information should provide for destruction of that information or risk facing hefty fines.
In addition to work relating to Privacy Policies, we can also assist with data breach issues, including preparing mandatory data breach notifications and providing advice if your business suffers a data breach.
Frequently Asked Questions
We highly recommend that all businesses seek legal advice as soon as they become aware of a data breach as it is important to take steps to reduce liability as quickly as possible.
However, only businesses that have a turnover of more than $3 million need to comply with the Notifiable Data Breaches scheme (NDB scheme), under which notification of a data breach is mandatory in some instances.
Under the NDB scheme, if a business has reasonable grounds to believe that a data breach involving personal information has occurred and is likely to result in serious harm to any affected individual, then it must notify not only the affected individuals but also the Office of the Australian Information Commissioner.