The Notifiable Data Breaches scheme introduces an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. The notification must also include recommendations about steps individuals should take in response to the breach. The Australian Information Commissioner (AIC) must also be notified of such breaches.
An eligible data breach arises when the following three criteria are satisfied:
- there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that the small business holds; and
- this is likely to result in serious harm to one or more individuals; and
- the small business has not been able to prevent the likely risk of serious harm with remedial action.
By Ian Cimino
Principal Lawyer
Prompt Legal Services