Cyber Security – Is your business ready for the changes?
The Australian Parliament recently passed the Privacy Amendment (Notifiable Data Breaches) Act 2017 (NDB scheme) on 13 Feb 2017.
From 22 February 2018, all entities covered by the Australian Privacy Principles (APPs) will have clear obligations to report eligible data breaches.
All entities will be required to take all reasonable steps to ensure an assessment is completed within 30 days. If an eligible data breach is confirmed, as soon as practicable they must provide a statement to each of the individuals whose data was breached or who are at risk, including details of the breach and recommendations of the steps individuals should take. A copy of the statement must also be provided to the Office of the Australian Information Commissioner (OAIC).
Many of our clients may have noticed some changes to the method of transferring important documents and files via our client portal. This is just one of the steps we have taken to ensure we are ready for the changes that are coming.
New Regulation With Global Implications
In addition to the above changes to the NDB, the EU General Data Protection Regulation (GDPR) introduces a whole new regulation with global implications. When it comes into force on 25 May 2018, it will, for the first time, mean that there is one uniform data protection law in place across the EU.
The GDPR will apply to an Australian business when it:
- offers goods or services to individuals inside the EU, even if no payment is required; or
- monitors the behaviour of individuals within the EU – especially if it performs analysis or profiling of that activity for predictive purposes.
If you would like to know more, please refer to the Federal Register of Legislation.