Canberra      Brisbane      Perth

Facebook-f Twitter Instagram Linkedin
Menu

NSW Regional Authorities must have a Publicly Accessible Data Breach Policy

24 May NSW Regional Authorities must have a Publicly Accessible Data Breach Policy

Posted at 00:35h in Data & Security by

Mandatory data breach reporting: Are you are affected?

The Privacy Amendment (Notifiable Data Breaches) Bill 2016 establishes a mandatory data breach notification scheme in Australia. Whist mandatory reporting has been in Europe for over 10 years, NSW is set to become the first Australian state or territory to introduce a mandatory data breach notification scheme following a serious cyber incident (2019).

NSW public sector entities would be required to report data breaches to the Privacy Commissioner and affected individuals when a data breach involving personal or health information is “likely to result in serious harm” under proposed laws.

“Serious harm”

A serious data breach occurs when there is “unauthorised access to or unauthorised disclosure of personal information”. Suppose an employee lost a USB thumb drive containing personal information, then you will need to report that loss in NSW. Whilst this is in line with Payment Card Industry (PCI) Compliance personal information can also include photos, contact details, fingerprints, health information about an individual’s physical or mental health, disability or any other information related to the provision of health services.

More security responsibility and the challenge

The Privacy and Personal Information Protection Amendment Bill intends to fill the gap left by the Commonwealth’s Notifiable Data Breach Scheme, which applies to federal government agencies and not state government agencies or local councils.

The scheme also requires NSW Government agencies to satisfy more data management requirements. This includes maintaining an internal data breach incident register and developed a publicly accessible data breach policy.

Framework to develop the Data Breach Policy

Creating a Data Breach Policy and response toolkit, performing internal assessments and reviews and ensuring you are achieving PCI Compliance, is part of adhering to the framework required ahead.

If you suspect a breach has occurred, your organisation must conduct an assessment with 30 days to determine whether it meets the threshold for notifying affected individuals and the privacy commissioner. 

Strategic Directions has assisted regional authorities to develop breach compliance frameworks, and we can help you introduce a plan to manage the new changes and the reporting risks that lie ahead.

Print page
0 Likes


Our Trusted Partners

university_of_melbourne
theAgency
Parliment-House
1143-768x356
southern_cross_university
agrifutures-facebook-launch-ad-6
uc_logo_inline
Airservices_Australia-Logo
seq_water
scenic_rim_council
port_maquairie_council
logan_city_council
local_buy
lga
james_cook_university
lendlease
greater_springfield
griffith_university
feros_care
dcw-logo
City-of-Playford1
brisbne_gilrls_grammer
Central_highlands_regional_council
Brisbane_City_Council
Government_SA
Hutchinson
Woolarha
Shire_Broome
Uniting_Care
Uni_Adelaide
Super_Retail_Group
NBN
Margaret_River
ahisa
Energex
Gliding_Aus
Urban_Utilities

Contact US

  • Brisbane
    Level 2, 190 Edward Street
    Brisbane, QLD, 4000 Australia
  • Canberra
    Level 1 The Realm, 18 National Circuit,
    Canberra ACT 2600
  • Perth
    Level 7, 125 Murray Street,
    Perth 6000 Australia
Facebook-f Twitter Instagram Linkedin

features

Newsletter