On February 13th 2017, a bill to amend the Australian Privacy Principles (APP) was approved by the Australian Parliament.
The bill introduces mandatory notification of individuals whose personal information is compromised when an eligible data breach occurs. This change will only affect organisations subject to the APP. In short, any organisation subject to the APP must give notification if it has reasonable grounds to believe that an eligible data breach has happened, or if it has been directed to do so by the Office of the Privacy Commissioner. An eligible data breach is defined as unauthorised access to, or unauthorised disclosure of, information that would likely, or could, result in serious harm to the individual to whom the information pertains. If the bill is passed by Parliament, organisations could have a window of time to prepare themselves before notification becomes mandatory. This period will be an important time for organisations to be proactive.
Many of those responsible for ensuring their organisations meet the terms set out in this amendment will be wondering “Where do we start?” or “What can we do to better ready ourselves?” This paper aims to provide organisations with four key strategies they can implement to prepare pragmatically for the proposed changes to the APP.