Data Breach Reporting in Australia: How it works
Data breaches can be a bit confusing, but don’t worry! CSR is here to help you understand what they are and why they matter. In Australia, just like in many other countries, data breaches happen when important information called personal information (PI) gets into the wrong hands. Let’s dive into the details!
What is a Data Breach?
Imagine you have a secret diary with all your private thoughts and drawings. Now, picture giving this diary to your best friend for safe keeping, and then someone sneaks into their room, finds your diary, and reads everything in it without your permission. That’s similar to what happens in a data breach. Instead of a diary, it involves important information like names, addresses, passwords, or even bank details. Unauthorised individuals get access to this information, and that’s not good!
Why Do Data Breaches Happen?
Data breaches can happen for many different reasons. Sometimes, hackers use malicious software or stolen passwords to break into a company’s computer systems. Other times, it might be because someone lost a laptop or a USB drive that had important information on it, or emailed a file to the wrong person. Some data breaches also happen when companies don’t protect our information well enough. Data breaches can even come from the inside, when people who do have legitimate access to the information decide to misuse it.
How do Data Breaches Impact Us?
Data breaches can be really harmful. When our personal information is in the wrong hands, it can be misused. People might pretend to be us and do bad things in our name. It can also lead to identity theft, where someone steals our identity and does things like opening bank accounts or getting credit cards in our name. Data breaches can make us feel worried and unsafe.
What is the Australian Government doing to track Data Breaches?
How do you solve a problem if you do not know it is occurring? That is the biggest concern with data breaches: third parties hold your information and may be the only ones who know that it was exposed.
So, to shine a light on the scale of data breaches, the Australian Government instituted the Notifiable Data Breaches (NDB) scheme.
Starting on 22 February 2018, the NDB scheme requires organisations and agencies covered by the Privacy Act 1988 that expose PI to report it to the Office of the Australian Information Commissioner (OAIC) as well as to the individuals whose information was exposed (consumer notification). Failure to report an eligible data breach, or to report it to the OAIC in a timely manner, exposes the organisation to fines. These fines have grown from a maximum of $2.1 million AUD in 2018 to $50 million AUD in 2023 (or more, where three times the benefit obtained or 30% of adjusted turnover is greater).
However, so that the OAIC is not overrun with reports, organisations only need to report a data breach if it is an eligible data breach.
What is an Eligible Data Breach?
An eligible data breach, as defined by the NDB scheme, occurs when:
- there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an organisation or agency holds
- this is likely to result in serious harm to one or more individuals, and
- the organisation or agency hasn’t been able to prevent the likely risk of serious harm with remedial action.
An organisation or agency that suspects an eligible data breach may have occurred must quickly assess the incident to determine if it is likely to result in serious harm to any individual. The Privacy Act requires this assessment to be reasonable and expeditious, and to be completed within 30 days of becoming aware of the suspected breach; if the assessment confirms an eligible data breach, the OAIC and affected individuals must be notified as soon as practicable.
How to Report to OAIC?
If you are not sure how to report an eligible data breach to the OAIC, then CSR is here to help you. With our patented Australian Breach Reporting Service, we have a team of dedicated certified privacy professionals to review your case. If our CIPPs determine that it is an eligible data breach, they will take care of all the paperwork and forms for the OAIC and handle the consumer notifications.
It may be impossible to stop 100% of data breaches, but it is possible to be fully prepared for one. With the CSR Breach Reporting Service, you are prepared.