Data Breach Notification Legislation is nearly here – Are you ready?

Data Breach Notification Legislation (DBNL) has been passed in Australia and will take effect on 22 February 2018. This means it’s definitely a case of business owners beware as your responsibilities under the Privacy Act will change.

Who will the new legislation affect?

The DBNL will apply to all businesses and organisations that have an annual revenue of $3 million or more, or that are already required by the Privacy Act to protect the security of the information they collect and store. The scheme will also apply to the Australian Government and charitable organisations.

What is a notifiable data breach?

A notifiable data breach occurs when there is unauthorised access or disclosure of personal information that a business or organisation holds, or the information is lost. In addition, the access, disclosure or loss of the information is likely to result in serious harm to one or more people, and the business or organisation has not been able to prevent the risk of harm by their actions.

The loss or theft of a device containing customers’ personal information, the hacking of a database containing personal information, and personal information accidentally being given to the wrong person are all examples of notifiable data breaches.

How do you identify a data breach?

First you must consider the type of access or loss that has occurred. Has the information been accessed by someone who is not authorised to have access (unauthorised access)? Has the information been made available to people who should not have access (unauthorised disclosure)? Or has the information been left behind – either as a hard copy document or on an unsecured computer or storage device – for others to access?

It is important to note that if information has been left behind but it is impossible for others to gain access – for example, remote deletion is possible or password protection is in place – then no eligible data breach has occurred.

Next you must identify whether serious harm to a person or group of people is likely to result from the information access or loss. Serious harm may include physical, psychological, emotional, financial or reputational harm.

Lastly you must consider whether any positive steps you take to limit the harm will have any impact. For example, if a file has been sent to an unintended recipient and you can confirm the recipient has deleted the file then you may have effectively managed the risk. However, if deletion cannot be assured then the risk of harm remains.

How should a data breach be handled?

There is no one way to handle a data breach as every breach is different. However, keep in mind that the first step is to contain the breach. Next, evaluate the risks associated with the breach. Then enter the notification phase. Lastly and importantly, take steps to prevent future data breaches.

Remember, every data breach should be taken seriously and acted upon immediately. What may seem inconsequential can quickly escalate.

If you need any assistance with your cyber security or you don’t know where to start please call us on 1300 478 738 or email us at


About the author:


Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.