Australia’s privacy watchdog has recommended that the federal government consider implementing the proposed Privacy Act Review reforms in the upcoming cybersecurity strategy.
In particular, the Office of the Australian Information Commissioner (OAIC) highlighted “strengthening the NDB [notifiable data breach scheme]” and removing the small business exemption from the Privacy Act to establish “baseline security protections across the economy”.
Strengthening the NDB scheme includes shortening the requirement to inform those affected, from 30 days to 72 hours, expanding reporting requirements around remediating actions in response to a data breach, and “an express requirement for entities to take reasonable steps to implement practices, procedures and systems to enable them to respond to data breaches”.
Do you know more? Contact James Riley via Email.