The Notifiable Data Breaches (NDB) scheme, which went into effect February 22, 2018, mandates that Australian Government agencies and other organizations with an obligation to protect personal information under the Privacy Act 1988 (Cth) (Privacy Act) must notify individuals who are affected by a data breach and are likely to be adversely affected. Much like the EU’s GDPR, the scheme will penalize organizations that do not comply with this notification requirement. Fines for noncompliance can reach up to $2.1 million.
Under Australian Privacy Principles (APP) guideline 11.2, government and other affected organizations must take reasonable steps to destroy or de-identify the information they hold once it is no longer needed for any purpose for which it may be used or disclosed under these guidelines. The exceptions are where the personal information is included in a “Commonwealth record” or where the entity is required by law (court order) to retain the personal information.