Data Breach Response Plan
The Australian Government has introduced an amendment to the Australian Privacy Act 1988 called the Notifiable Data Breaches (NDB) scheme, which came into effect on 22 February 2018.
The NDB scheme under Part IIIC of the Privacy Act 1988 (Privacy Act) established requirements for entities in responding to data breaches. Entities have data breach notification obligations when a data breach is likely to result in serious harm to any individuals whose personal information is involved in the breach. The Australian Information Commissioner (Commissioner) must also be notified of eligible data breaches. (OAIC, 2018)
Here at Emerging IT we realise it’s a daunting task to work through the large amount of information being presented in relation to the NDB scheme. As such, we’ve created a Data Breach Response Plan to ensure your organisation has the tools it needs to respond to a data breach and to make you aware of your obligations for action and notification to the relevant authorities.
One of our security consultants will meet with you to get an understanding of your organisation’s current level of readiness and work out how we implement and tailor the plan to your organisation.
The plan will cover the following:
- Definitions of ‘personal information’, ‘data breach’, and what constitutes an ‘eligible data breach’
- Steps each staff member must follow
- A response guide outlining the following 4 steps:
  - Initiate containment and preliminary investigation
  - Investigate
  - Evaluate
  - Prevent future breaches
We will also work with you to create examples of potential data breaches your organisation could face and how this plan would be used in those instances, to ensure that, as an organisation, you are equipped to deal with a data breach.