OAIC Draft Guidelines for Mandatory Data Breach Scheme

The Office of the Australian Information Commissioner (OAIC) has released business resources for the new Notifiable Data Breaches (NDB) scheme set to commence in 2018. The NDB scheme was established earlier this year with the passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017. The NDB scheme requires organisations covered by the Privacy Act 1988 (Cth) (“Privacy Act”) to notify individuals of eligible data breaches, or when directed to do so by the OAIC.

The resources, including resources to prepare for the NDB scheme, can be accessed on the OAIC’s new NDB website. The OAIC has also released its Draft Guidelines for the following aspects of the NDB scheme:

  • Entities covered by the NDB scheme
  • Notifying individuals about an eligible data breach
  • Identifying eligible data breaches
  • OAIC’s role in the NDB scheme

The OAIC is accepting comments and feedback on the above Draft Guidelines and general feedback on the scheme, including aspects of the scheme that require further clarification. The closing date for providing comments and feedback is 14 July 2017.

DGA is currently in the process of reviewing the Draft Guidelines and will provide feedback to the OAIC on the Draft Guidelines and other aspects of the scheme that require further clarification for its Members.

To find out more, visit the OAIC website.