Privacy Law what your school needs to know
In February, Australia’s privacy laws will change. If your school is non-government and earns more than $3 million a year in revenue, then these changes will apply to you.
On 22 February 2018, Australia’s privacy laws changed. If your school is non-government and earns more than $3 million a year in revenue, then these changes apply to you.
Prior to these changes, your school had an obligation to keep all personal information it holds (for example, records of students, parents, teachers and other individuals) safe and secure. But if there’s was a security breach in regards to this information, you’re were not required by law to tell anyone about it.
That’s now changed. Amendments to the Privacy Act make it obligatory for you to notify certain breaches. Schools should seek their own legal advice, but here’s a few things you might want to know about the changes:
What is a personal information security breach?
Basically, it’s any unauthorised access or disclosure of the personal information your school holds. This also includes the loss of information that’s likely to lead to unauthorised access or disclosure.
This could include anything from the loss of a laptop containing a student’s personal details or one of your databases holding anyone’s personal details being hacked.
What has to be notified?
The obligation to notify applies if your school has reasonable grounds to believe that:
a) breach has occurred, and
b) a reasonable person would conclude that the breach is likely to result in serious harm to the person that the information relates to.
The legislation doesn’t define what is meant by ‘harm’, but it’s likely to cover financial, physical, psychological and reputational harm.
Who do you notify, and when?
If a notifiable breach occurs at your school, you’ll need to respond as soon as possible. To do this:
Firstly, you’ll need to develop a statement outlining what’s happened and your recommended response.
You’ll then need to send a copy of this to the Office of the Australian Information Commissioner (OAIC) and, if practical, send your statement to the people whose information has been breached.
If it’s not practical to tell those affected, you’ll need to publish your statement on your website or take other reasonable steps to announce the breach publicly.
Here’s the exception
If you can quickly take action to remove the likelihood of serious harm once you’ve become aware of the breach, then you are not legally required to notify anyone – but you might still choose to.
Any other obligations?
If your school only has reasonable grounds to suspect (rather than believe) there’s been a breach, then you’re required to conduct an assessment to find out more.
If your school is impacted by these new laws, then it’s recommended that you develop a data breach response plan.
A good place to start is the OAIC’s website.
In the 12 months since the Notifiable Data Breach Scheme came into effect, 964 breaches were reported. See which are the top reporting sectors, what types of information was leaked and what your business can learn to mitigate the risk internally.
The Notifiable Data Breach Scheme came into effect on 22 February 2018. Since then, the total cost per data breach has cost Australian businesses an average of US$2.13 million. Can your organisation afford to continue ignoring the risks?
Canon’s imageRUNNER ADVANCE Gen III Series III multifunction devices take advantage of McAfee Embedded Control to protect your business. This advanced solution helps you manage security policies and protects against the execution of unauthorised applications with intelligent whitelisting.
Confidentiality is essential in the legal profession and the stakes are high for your clients and your professional reputation. Canon’s iR-ADV Gen III Series III multifunction devices are designed to boost efficiency and are packed with security features to minimise the risk of cyber-attack.
When you’re working with students and their families, and interfacing with the government, data security is paramount.
Managing patient health records requires the strictest security protocols. Canon’s user-friendly iR-ADV Gen III Series III multifunction devices deliver the print, copy, fax and scan features you need within a networked environment, with multi-layered security to minimise your risk of a data breach.
If you lead an established, market-leading firm, you face a dilemma.
What will education look like in the future? And what capabilities will tomorrow’s workforce need? With educators facing the prospect of training students for jobs that don’t yet exist, it’s safe to say that education will have to evolve to meet the needs of students.
As technology enters classrooms, auditoriums and libraries, it brings new risks to the education sector. All it takes is one click from a student device to potentially compromise your entire network. Faced with these various threats, does the education sector receive a ‘High Distinction’ for its efforts to protect its troves of student and staff data? Recent findings from the inaugural Canon Business Readiness Index on Security suggest not.
Email our customer support teamSend an enquiry
For customer service and sales enquiries just give us a call from within Australia
(8am to 5pm, Monday - Friday)