A seven-step plan to keep OAIC at bay.
It is Monday 19th March and the day started like any other. On your way to the office, you stop at your regular café to grab your coffee, the barista looks at you and says, “large cappuccino?”, you nod, already tasting the coffee in the air, and as you ponder the day ahead, you take a brief moment to peruse the morning’s newspaper. Tucked away on the middle pages, a competitor’s name in the headline catches your eye. It immediately has your attention, you quickly scan it and you are not sure what to make of it. A rye smirk begins to form, just before you completely grasp the reality of the situation. Your competitor has had personally identifiable information, from one of their databases, made open to the public. You repeat the sentence in your head, as the gravity of the breach begins to take hold. You read further, they have had to report to the OAIC. But, who is that? You have never heard of them. They are now required to demonstrate the reasonable steps they took to contain the breach and articulate the steps taken to protect the information in the first place. Your gut begins to turn with that uncomfortable knot, that tells you, you have lost control over an element of the business and time is of the essence. However, where would you even start? It’s time to find out more about this OAIC…
As you have probably guessed, the competitor has suffered an eligible data breach under the recently sanctioned amendment to the Privacy Act called the Notifiable Data Breaches legislation. Essentially, organisations that qualify under this amendment, due to go live on February 22nd, are required to notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) in the event of an eligible data breach. This does not apply to my organisation, I hear you say, we are too small. The troublesome aspect of this legislation is that the net has been cast wide, in terms of those required to report on a breach. Let us break it down…Click here to read full article.
