From February 2018, amendments to the privacy law will come into effect. The new legislation creates a positive obligation to conduct an assessment where an entity suspects, rather than believes, an eligible data breach has occurred.
The notification obligations, which will require an entity to notify affected individuals and the regulator, Office of the Australian Information Commissioner (OAIC), of any eligible data breach, will not arise where the data breach is only suspected. However, if during the course of an assessment, it becomes clear that there has been an eligible breach, then the entity needs to promptly comply with the notification requirements.
What is an ‘eligible data breach’?
A ‘data breach’ is any unauthorised access or disclosure of personal information your school holds, or where that information is lost and likely to give rise to unauthorised access or disclosure.
An ‘eligible’ data breach arises where a reasonable person would conclude that the breach is likely to result in serious harm to the person that the information relates to.
What does an assessment involve?
The OAIC has released a draft resource to assist relevant entities on their obligation to assess a suspected data breach. The OAIC makes clear that the obligation is not only to assess the relevant circumstances, but to have in place:
The key issue is that entities must take reasonable steps to ensure a “reasonable and expeditious” assessment is completed within 30 days of becoming aware of the suspected breach. As the Privacy Act does not set out how entities should assess a suspected data breach, your school will need to have a team ready and a response plan in place.
The OAIC recommends a risk based approach to the assessment and that the following 3 stage process could be appropriate:
The OAIC recommends that the process be fully documented.
A key takeaway from this resource is to have a nominated person responsible for undertaking and reporting on the assessment process. The person will need to be provided with the resources to do this task, within the timeframe, and in a way that will withstand scrutiny by the regulator.
Sign up for the latest Education Insights news, how-to's and events to stay informed and ahead of the game.Subscribe
Australia continues to fall behind the world in innovation and many are looking at the education sector for long-term answers. How can our schools and universities help close the gap?
AI is finally set to change some ingrained practices in the legal profession. Here are six areas where AI is impacting the legal industry right now.
As technology enters classrooms, auditoriums and libraries, it brings new risks to the education sector. All it takes is one click from a student device to potentially compromise your entire network. Faced with these various threats, does the education sector receive a ‘High Distinction’ for its efforts to protect its troves of student and staff data? Recent findings from the inaugural Canon Business Readiness Index on Security suggest not.
Schools have a vitally important job of educating the next generation of Australians, and yet, research shows that around 62 per cent of schools have limited or no processes for the management of non-student records. Is your school employing bast practice when it comes to management of crucial information?
Schools revolve around data and information. Unfortunately this information isn't always well managed, which often means that it can be difficult or impossible to find. What are the challenges facing today's schools around timely access to a schools information?
Never before have organisations had so much data at their fingertips. The world of print is no different. With advances in technology and the rise of connected devices, your school can gain real-time data, in-depth reporting and regular insights into what and who are driving printing costs in your school. And, when you can see your costs, you can manage them.
The way we visit museums has changed, right along with the way we deliver education. What cues can teachers take for their classrooms from the evolving museum landscape? Lots, especially when it comes to STEAM education, as some Australian teacher decently discovered.
Primary school teacher Victoria Fry shares her insights on some of the best ways to drive interactivity and engagement in the classroom.
Youth walking tours are inspiring students to photographically capture moments in time and share their experiences with the world. In the process, they’re learning the art of photography and production, while growing in personal confidence.
Brett Houghton, Head of Technology and Innovation at St Ignatius’ College, Riverview, explains how Canon inspired the school to embrace the latest in digital technologies.
"Photography is a powerful skill to share with young people. It helps them to open their imagination and to see the world differently, to focus on the detail and communicate with the world in new ways." – Steve Loughran, Canon Collective
How can your company develop leadership skills that will positively impact workplace culture?