Are You Ready for the NDB Scheme?
“The what scheme?” I hear you say.
Most people have no idea what the NDB – or Notifiable Data Breaches – scheme is, but if you run a business you MUST be prepared for when it comes into effect on 22 February 2018.
About the Notifiable Data Breaches Scheme
The NDB scheme is intended to strengthen the protections afforded to personal information, and improve transparency in the way that organisations respond to serious data breaches.
The NDB scheme requires organisations covered by the Australian Privacy Act to notify any individuals likely to be at risk of serious harm following a data breach. At the same time, the Office of the Australian Information Commissioner must be notified.
The act makes it clear that serious harm isn’t necessarily only related to financial losses but could also include the public disclosure of private information such as a medical condition, for example.
Generally speaking, the NDB scheme will apply to all businesses with an annual turnover of more than $3 million in any financial year since 2001, as well as businesses operating in specific industries such as health care. As a small business with a turnover of less than $3 million a year, you may well be exempt. But, like anything to do with government regulation, it’s complicated.
Better to be safe than sorry
If you store private and confidential information about your customers or clients then I would urge you to prepare for the NDB scheme. Ignorance of a breach is no defence and it’s important to understand that cyber security is a business risk and not an IT risk. After all, you don’t want the kind of bad publicity Domino’s Pizza faced recently when personal details of their customers fell into the hands of scammers.
Preparing for the NDB scheme is closely tied to your company’s cyber security strategy. I think it’s fair to say that most SMEs probably don’t have a cyber security strategy, so using the NDB scheme as a catalyst to review your IT security and create a cyber security strategy makes sense. With the commencement of the scheme imminent, now is the time to start this process.
It is highly likely that most businesses will be attacked at some point, so it is essential to have a road map of how the organisation will respond after an incident. It’s important to understand who in the company has ultimate responsibility for security, including a chain of succession if key people aren’t available. Even if the NDB scheme doesn’t apply to you, it is good practice to follow the same guidelines and preparation.
If you want to learn more about the NDB scheme, visit the OAIC website, which has a lot of information and resources.
I encourage you to start preparing now. If you want some help understanding the NDB scheme and how to prepare for it, then contact the team at Proactive IT Solutions.