Question

Briefly explain what you understand the meaning of the term Notifiable Data Breach means. Provide a list of three Notifiable Data Breach events that have taken place prior to 2018. (500 words).

Answer 1

The Notifiable Data Breaches (NDB) scheme requires agencies and organisations that are covered by the Privacy Act to notify individuals whose personal information is involved in a data breach that is likely to result in "serious harm", as soon as practicable after becoming aware of a breach. NDB represents a significant boost to privacy governance . The requirements of the NDB scheme, however, are neither exceptional nor unexpected. Meeting privacy obligations and the expectations of the community is essential. The success of an organisation that handles personal information, or a project that handles personal information, depends on trust. People have to trust that their privacy is protected and be confident that personal information will be handled in line with their expectations.

"As a result, privacy today is really about transparency and accountability."

The NDB scheme uses the phrase "eligible data breaches" to specify that not all breaches require reporting.In general terms, an eligible data breach refers to the unauthorised access, loss, or disclosure of personal information that could cause serious harm to the individual whose personal information has been compromised.

Examples of a data breach include when a device containing customers' personal information is lost or stolen, a database containing personal information is hacked, or personal information is mistakenly provided to the wrong person.

An employee browsing sensitive customer records without any legitimate purpose could constitute a data breach as they do not have authorised access to the information in question.