Tag archives: plan

OAIC releases 12-month data breach scheme report – encourages entities to move beyond compliance

The Office of the Australian Information Commissioner (OAIC) this week released its 12-month Insights Report for the Notifiable Data Breach (NDB) Scheme (Report).  The Report shows trends and noteworthy statistics from 1 April 2018 to 31 March 2019, reporting an uptick in notifications and identifying the most common cyber trends leading to a requirement to … Continue reading

Privacy Shake-Up – Tougher Penalties and More Funding

What’s happened? The Australian Attorney-General’s department has announced a proposed new regime that would make changes to the Privacy Act 1988 (Cth) (Act). The proposed changes would see a significant expansion of the powers afforded to the Office of the Australian Information Commissioner (OAIC), particularly with respect to the scope of penalties that may be … Continue reading

Cyber Risk, Data Breaches and the NDB Scheme – What are the Australian Privacy Commissioner’s range of powers?

The Notifiable Data Breach Scheme (NDB Scheme) came into force on 22 February 2018, resulting in various changes to Australia’s privacy law. In previous posts, we have considered: the nature and contents of notification statements; how to identify which data breaches need to be notified; the steps to be taken when an organisation suspects a … Continue reading

Data breach of jointly held information: who is responsible?

The Notifiable Data Breach Scheme (NDB Scheme) came into force on 22 February 2018, resulting in various changes to Australia’s privacy law.  In previous posts, we have considered the nature and contents of notification statements, how to identify which data breaches need to be notified, and the steps to be taken when an organisation suspects … Continue reading

Suspicious of a data breach? You’ve got 30 days to finish your assessment

The Notifiable Data Breach Scheme (NDB Scheme) came into force on 22 February 2018, resulting in various changes to Australia’s privacy law. In previous posts, we have considered the nature and contents of notification statements, and how to identify which data breaches need to be notified. Those posts set out the notification requirements where an … Continue reading
LexBlog