From February 2018, amendments to the privacy law will come into effect. The new legislation creates a positive obligation to conduct an assessment where an entity suspects, rather than believes, an eligible data breach has occurred.
The notification obligations, which will require an entity to notify affected individuals and the regulator, the Office of the Australian Information Commissioner (OAIC), of any eligible data breach, will not arise where the data breach is only suspected. However, if it becomes clear during the course of an assessment that there has been an eligible breach, the entity needs to promptly comply with the notification requirements.
What is an ‘eligible data breach’?
A ‘data breach’ is any unauthorised access or disclosure of personal information your school holds, or where that information is lost and likely to give rise to unauthorised access or disclosure.
An ‘eligible’ data breach arises where a reasonable person would conclude that the breach is likely to result in serious harm to the person that the information relates to.
What does an assessment involve?
The OAIC has released a draft resource to assist relevant entities with their obligation to assess a suspected data breach. The OAIC makes clear that the obligation is not only to assess the relevant circumstances, but to have in place:
The key issue is that entities must take reasonable steps to ensure a “reasonable and expeditious” assessment is completed within 30 days of becoming aware of the suspected breach. As the Privacy Act does not set out how entities should assess a suspected data breach, your school will need to have a team ready and a response plan in place.
The OAIC recommends a risk-based approach to the assessment and that the following 3-stage process could be appropriate:
The OAIC recommends that the process be fully documented.
A key takeaway from this resource is to have a nominated person responsible for undertaking and reporting on the assessment process. The person will need to be provided with the resources to do this task, within the timeframe, and in a way that will withstand scrutiny by the regulator.