Tagged With NDB


Pretty much every online service I've ever signed up for has sent me at least one email over the last month, letting me know of "important changes" to their privacy policy and data handling procedures. When I wrote about this a few weeks ago, I said that this was generally a good thing as it indicated the General Data Protection Rules (GDPR), which come into effect this Friday in the EU, had raised the privacy bar. But it turns out the emails themselves might not be legal.


Even though Australian companies don't have to comply with the General Data Protection Regulation (GDPR) when it comes into effect on Friday, that doesn't make it irrelevant. But compliance with the GDPR, our own National Data Breach (NDB) notification laws and updated privacy laws being introduced in New Zealand is not enough to ensure your systems and users are safe in today's threat landscape.


The National Data Breach (NDB) reporting system has been in operation since February and the Office of the Australian Information Commissioner (OAIC) has released their first quarterly report that covers the new reporting regime. Unsurprisingly, the number of breaches reported is way up on previous periods, with human error a significant issue.