It’s time… February 22nd 2018 is when the Notifiable Data Breaches scheme amendment to the Australian Privacy Act 1988 comes into effect.
It’s not D-Day but it does represent a significant change in the way all businesses, especially accountants, will have to trade in order to reduce risk and conform with the scheme.
So here’s the official summary of what NDB means from the Office of the Information Commissioner.
The Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Privacy Act) establishes requirements for entities in responding to data breaches. Entities have data breach notification obligations when a data breach is likely to result in serious harm to any individuals whose personal information is involved in the breach.
What does NDB mean for us?
Well, broadly speaking, if your database or confidential documents get accessed by unauthorised people, you have to tell your customers, staff and suppliers who are on that database, plus the government, that their information was stolen. This entails both cost and embarrassment.
Nimbus is not in the business of scaremongering. Australia has had its fair share of hacking “scandals”, including the Red Cross blood donors data breach, which Troy Hunt uncovered; he disclosed that his own wife’s blood donation records were in the dataset that had been extracted.
The fines for failing to meet your firm’s NDB obligations are eye-watering – AU$1.8 million – which will definitely affect your professional indemnity insurance premium, should you need to make a claim.
So what activity could trigger an NDB breach? It could be as simple as sending a tax return to the wrong email address, or having your local office server hacked by malicious users who steal your customers’ information.
3 steps to lower the risk of a data breach
There are three simple steps you can take to reduce your firm’s risk:
- Switch from emailing sensitive documents to using a secure online portal
- Replace in-office document servers with secure cloud services
- Stop using legacy software systems (MYOB / APS) with local unencrypted databases
Nimbus Cloud Document Management brilliantly covers the first two scenarios, significantly lowering the risk of a notifiable data breach occurring at your firm.
So before you sign the professional indemnity insurance renewal cheque – give the Nimbus Portal Solutions team a call. You know it makes sense.