The Mandatory Notification of Data Breach (MNDB) Scheme comes into effect on 28 November 2023.
The Australian government is implementing the MNDB scheme, requiring organisations to report any data breaches containing personal information. The scheme will enhance the protection of personal information and prevent identity theft. Failure to comply may result in significant financial penalties.
The MNDB scheme will apply to all organisations that are subject to the Privacy Act 1988, including businesses, government agencies, and non-profit organisations. The MNDB Scheme requires every NSW public sector agency bound by the PPIP Act to notify the Privacy Commissioner and affected individuals of eligible data breaches. Public sector agencies are also required to prepare and publish a Data Breach Policy (DBP) for managing such breaches.
In the event of a data breach, organisations are required to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as possible. Failure to do so can result in fines of up to A$2.1 million. The scheme does not apply to data breaches that do not involve personal information or health information, or to breaches that are not likely to result in serious harm to an individual. Where the scheme does not apply, agencies are not required to notify individuals or the Commissioner but should still take action to respond to the breach. Agencies may still provide voluntary notification to individuals if considered appropriate.
Organisations should take proactive steps to prevent data breaches and comply with the MNDB legislation by implementing strong security measures and regularly reviewing and updating privacy policies, including specific policies relating to data breaches.
By complying with the mandatory notifiable data breach scheme, organisations can protect customer personal information and avoid costly penalties.
For more information, visit www.dataresilience.com.au or the NSW IPC website. For guidance, or to discuss how we can assist you in complying with this new legislation, contact us: [email protected]