In a joint statement on 22 February 2018, the Attorney-General Christian Porter and Minister for Law Enforcement and Cyber Security Angus Taylor sent a clear message that cyber security and effective data security management is on the Government’s agenda.
The joint statement coincides with the commencement on the 22 February 2018 of the Privacy Amendment (Notifiable Data Breaches) Act 2017 – which introduces the Notifiable Data Breaches Scheme.
All Australian government agencies, organisations or companies with an annual turnover of $3mil or more, credit reporting bodies, health service providers and TFN recipients are covered by the NDB Scheme and face penalties of up to $2.1m for failure to comply.
Under the NDB Scheme, organisations are required to notify the OAIC and affected individuals of an eligible data breach. An eligible data breach refers to the unauthorised access, disclosure or loss of personal information that is likely to result in serious harm to those individuals whose personal information is subject to the breach. Organisations are also required to investigate suspected breaches within 30 days.
Attorney-General Christian Porter said the new Scheme sent a clear message that the Government was taking the security of personal information seriously.
“This means that Australians will know if their personal information has been breached and will be empowered to protect themselves, by being able to act quickly to minimise damage,” Mr Porter said.
Minister for Law Enforcement and Cyber Security, Angus Taylor, said not knowing how to protect client or customer data was becoming a poor excuse.
“There is a lot of information now available on cyber security. The onus is with business operators, with organisations and with government agencies, to put measures in place to reduce the risk of data breaches,” Mr Taylor said.