Australia's new Notifiable Data Breaches (NDB) scheme comes into effect today. If you fall under the broad swathe of organisations that need to comply with the Privacy Act, then the NDB applies to you. But if you've not been paying attention and haven't been preparing for this, don't panic. You can get yourself moving towards being prepared.
The most critical thing to do, if you haven't made a start in preparing for the NDB, is to review what data you are holding, where it is kept and who can access it. The key is to focus on personal information - things like names, addresses, phone numbers, email addresses, passport numbers, Medicare numbers and medical information.
The NDB doesn't concern itself with the loss of your intellectual property. It's about protecting people if their personal information falls into the wrong hands.
It's also a good idea to put together a plan so that, in the event of a breach or some other event leading to a leak of information (that could be a lost computer, a USB drive accidentally left somewhere or an email containing information that is sent to the wrong person), you know what you need to do to respond.
That includes notifying the affected parties, the privacy commissioner (they have a handy online form for this), and knowing who to call if you'll need help investigating the cause and fixing the source.
We prepared a handy guide to the NDB so you know if you need to be compliant and what happens if you try to hide a data leak.