OAIC prepares for Notifiable Data Breaches scheme

The Office of the Australian Information Commissioner (OAIC) Corporate Plan 2017–18 gives some insights into the Privacy Commissioner’s preparation for the Notifiable Data Breaches scheme which will commence on 22 February 2018.

Businesses and agencies regulated by the Privacy Act will be required to notify the individuals whose personal information is involved in an eligible data breach, that is, unauthorised access to, unauthorised disclosure of, or loss of personal information that is ‘likely to result in serious harm’ to any of those individuals. The OAIC must also be notified of the breach.

The Corporate Plan states that significant OAIC resources have been allocated to the identification and management of risks associated with the implementation of the Notifiable Data Breaches scheme.

The OAIC will manage data breach notifications from businesses and Australian Government agencies.

It has set itself a KPI of 80% of data breach notifications being finalised within 60 days.

It is clear that businesses will need a documented data breach response procedure covering detection, assessment of whether a suspected breach is ‘likely to result in serious harm’, and notification of affected individuals and the OAIC, as well as the resources to interact with the Privacy Commissioner once a notification has been made.

The OAIC’s delivery strategy
In 2017–18 it will:

  • Prepare for the implementation of the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Notifiable Data Breaches scheme) on 22 February 2018;
  • Continue to administer the legislated My Health Records data breach notification scheme;
  • Develop guidance and support tools for businesses and Australian Government agencies in relation to the Notifiable Data Breaches scheme and the My Health Records data breach notification scheme;
  • Provide information to the community about the commencement and operation of the Notifiable Data Breaches scheme;
  • Revise the OAIC’s Data Breach Notification — a guide to handling personal information security breaches.

Over the next four years it will:

  • Continue to provide assistance and advice to businesses and Australian Government agencies when they notify the OAIC about data breaches;
  • Conduct activities to ensure compliance under the Notifiable Data Breaches scheme;
  • Conduct activities to promote best practice in data breach management, including voluntary notification of data breaches;
  • Review the OAIC’s systems and processes for handling data breach notifications.