Notifiable Data Breaches (NDB)
NDB Legislation Overview
In February 2017, the Notifiable Data Breaches (NDB) legislation was passed as an amendment to the Australian Privacy Act (1988), with the new regime coming into effect on 22 February 2018. The data breach notification scheme aims to help people whose personal information has been breached to regain some control sooner rather than later.
The NDB scheme requires businesses to notify both the Office of the Australian Information Commissioner (OAIC) and any affected individuals when the company experiences unauthorised access to, disclosure of, or loss of personal information, and a reasonable person would conclude that this access, disclosure, or loss is likely to result in serious harm.
Some businesses have expressed a concern that admitting to a security breach could make it easier for customers to launch a lawsuit, while most organisations agree that disclosing the breach is good business practice.
The act makes it clear that serious harm is not limited to financial loss; it can also include the public disclosure of private information such as a medical condition.
The Covata Solution
Compliance with the NDB legislation requires that organisations understand where personal information is stored, apply appropriate controls to secure that information from unauthorised access, monitor access to personal data for malicious activity, and report data breaches both to the authorities and to the affected people.
The Covata solution for the NDB legislation allows businesses to quickly and easily locate personal data, encrypt that information, centrally manage permissions to protect against unauthorised access, and log all permitted and denied access requests. With granular audit and history trails, data breaches can be detected and promptly notified to the authorities, supporting compliance with the NDB amendment to Australia’s Privacy Act. Furthermore, when properly applied, data encryption is a proven technique for reducing the harm caused by a data breach, since encrypted data is useless to anyone who obtains it without the decryption keys.
Features and Advantages
- Locate personal information in data centres and clouds
- Encrypt sensitive personal (including medical) and financial data no matter where it is stored to render it useless
- Control administrator access to personal and financial data so attackers cannot use compromised “superuser” accounts to steal data
- Granular auditing and monitoring of all permitted and denied requests to access protected personal and financial information