As Australian businesses embrace technology, the volume of data, particularly personal information, held by these organisations is growing exponentially. Regulators are now focused on what happens when a data breach occurs.
Under the Notifiable Data Breach (NDB) scheme, commencing 22 February 2018, certain entities are now required to notify the Australian Information Commissioner and affected individuals if they suffer an “eligible data breach” (a breach which is likely to result in serious harm to the affected individuals).
The NDB scheme means that businesses need to update their data breach response plans to include steps to assess whether a data breach requires notification, and if so, to make those notifications promptly. How businesses respond to, and manage, data breach incidents will now be highly visible, so legal advisers need to be up-to-date on the latest legal position and developments in best practice.
This Practical Law Australia Commercial toolkit will provide you with the tools and guidance you need to respond to a data breach incident under the NDB scheme quickly and with confidence, including:
- Practice note: Responding to a data breach incident
- Practice note: Notifiable Data Breaches scheme
- Checklist: Steps to take if a data breach incident occurs
- Standard document: Letter notifying affected individuals of a data breach (relating to personal information)