Understanding the Australian Notifiable Data Breach Scheme

Guidance on the NDB and its implementation

In February 2018, Australia’s NDB Bill will go into effect. It requires Australian businesses with turnover of $3 million and over to comply with new data breach notification standards or face stiff fines.

Getting the Board On-Board with Data Breach Notification

Impact of NDB on organisations


With the passing of the Privacy Amendment (Notifiable Data Breaches) Bill 2016, Australian companies have more reason than ever before to take cybersecurity seriously. IT leaders can expect questions and concerns from business leaders about what the new laws mean for their organisation. Here’s how to answer some of the most common ones and bring business decision-makers in line with your cybersecurity strategy.

Who does the new Data Notification Law affect?

Australia’s Data Notification Law goes into effect February 22, 2018. It will apply to businesses governed under the Privacy Act 1988 – including any with annual turnovers of $3 million, or businesses that collect and store sensitive user information like payment or personal data. If a data breach will likely result in “serious harm” to individuals, whether to their reputation, finances, or even safety, you’ll be required to notify the relevant parties. Remind your board that failure to do so can be costly, earning fines of up to $1.8 million!

What is the potential impact?

It is important to recognise that data breaches are not an “if” scenario, but a “when.” One in four organisations with top cybersecurity defences still experience data breaches, according to the Ponemon Institute. For those who might play down the costs of a breach, inform them that 90% of a cyber-attack’s bottom-line impact is felt up to two years after an attack. The new data breach laws add hefty fines and heightened public scrutiny to many other consequences of a breach: loss of sales and contracts, compromised IP, and legal action. If necessary, remind your business leaders that customers and shareholders will hold them responsible for non-compliance with these laws.

How can we reduce the likelihood of a breach?

Monitor your networks. It takes an average of six months to discover a data breach, according to the 2017 Ponemon Institute study. It’s critical to have a robust monitoring system not only to help you and your team identify and stop threats more consistently, but also to make compliance with data breach notification laws much simpler. The more visibility you have into your data and networks, the easier it is to give details to regulators and the public if a breach occurs.
 
