14 February 2018
Published by:
The new Notifiable Data Breach laws come into effect on 22 February. Outlined below are some tips to help get you up to speed.
1. Are you complying with your current obligations as set out in the Australian Privacy Principles (APPs)?
The APPs are:
APP 1 - open and transparent management of personal information
APP 2 - anonymity and pseudonymity
APP 3 - collection of solicited personal information
APP 4 - dealing with unsolicited personal information
APP 5 - notification of the collection of personal information
APP 6 - use or disclosure of personal information
APP 7 - direct marketing
APP 8 - cross-border disclosure of personal information
APP 9 - adoption, use or disclosure of government related identifiers
APP 10 - quality of personal information
APP 11 - security of personal information
APP 12 - access to personal information
APP 13 - correction of personal information
2. Review your Privacy Policy
3. Assemble your breach team
4. Create an incident assessment plan
Create an incident assessment plan to meet the 30-day legal obligation once a “suspected breach” has occurred.
Once the incident is assessed, make a decision: is notification required?
5. Prepare to notify
If the assessment finds that an eligible breach has occurred, you need to move to notify the regulator and affected individuals:
Our data and privacy team can assist you with advice and necessary documentation for all of the above steps.
Author: Lyn Nicholson
Contacts:
Sydney
Lyn Nicholson, General Counsel
T: +61 2 8083 0463
E: lyn.nicholson@holdingredlich.com
Melbourne
Dan Pearce, Partner
T: +61 3 9321 9840
E: dan.pearce@holdingredlich.com
Brisbane
Trent Taylor, Partner
T: +61 7 3135 0668
E: trent.taylor@holdingredlich.com
Disclaimer
The information in this publication is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this publication is accurate at the date it is received or that it will continue to be accurate in the future. We are not responsible for the information of any source to which a link is provided or reference is made and exclude all liability in connection with use of these sources.