Do you have a Data Breach Response Plan in place?
As of 22 February 2018 the Privacy Act 1988 (Act), which has been amended, now makes it compulsory for individuals and companies* to implement a Data Breach Response Plan when a data breach occurs. The Act imposes harsh penalties, $360K for individuals and $1.8M for companies, for failing to comply with the Notifiable Data Breach (NDB) scheme. The NDB scheme is meant to strengthen and protect personal information held by organisations. If a breach occurs organisations must inform the Office of the Australian Information Commissioner as well as all affected individuals.