Explanation of the NDB Scheme
The Notifiable Data Breaches (NDB) scheme under the Australian Privacy Act mandates that any organization covered by the Australian Privacy Principles (APPs) must notify individuals affected by data breaches that are likely to result in serious harm. This scheme is a critical part of the privacy management framework as it ensures that organizations are accountable for protecting personal information.
Criteria for Notifying Breaches
Criteria for notification include:
The data breach is likely to result in serious harm to any individuals whose personal information is involved.
The organization has not been able to prevent the likely risk of serious harm with remedial action.
Examples include:
Loss or theft of physical devices (like laptops and storage devices) containing personal information.
Unauthorized access to personal data by an employee.
Disclosure of personal information to the wrong person, for example, sending personal details to the wrong email address.
The NDB scheme emphasizes the need for robust security measures, quick action in case of breaches, and transparency towards individuals potentially impacted by such incidents.
Comments