A Brief Guide to the ICT Security Controls Required by the Australian Privacy Principles and Mandatory Data Breach Notification Scheme

On 13 February 2017 the Senate passed the Privacy Amendment (Notifiable Data Breaches) Bill establishing a Mandatory Data Breach Notification Scheme in Australia.  The purpose of which is to protect the rights of individuals and strengthen community trust in businesses and agencies. 

This amendment to the Australian Privacy Act 1988 (Privacy Act) gives life to the Mandatory Data Breach Notification Scheme (the Scheme) which came into effect on 22 February 2018.

The scheme has been in place for three years now and we have seen multiple breach notifications be made to the Office of the Australian Information Commissioner (OAIC) each quarter. 

Many organisations do not either understand their obligations under this scheme or simply do not know how to comply.  The rest of this paper tries to raise awareness towards this.

For more information about our Cyber Security and Resilience Services, contact our Risk Advisory Team.