When we talk about the Notifiable Data Breach Scheme (NDBS) and the changes to the Privacy Act 1988, a lot has been left ‘undefined.’ This doesn’t help your average business owner or management team, so we at Qbt Consulting want to help out a little and offer our take on what is classed as Eligible Data.
According to the Act, the data in question covers a number of things, mainly anything that can be used to cause Serious Harm to an individual or a group of individuals. First, we must understand what is meant by Serious Harm. According to the OAIC information, the following is considered Serious Harm:
We can now move on to define what Eligible Data is.
As this is a new change, not a lot is definitively outlined. When determining what counts, we must use the generally accepted definitions and meanings of the words. A good gauge of what data could be used to cause Serious Harm is:
So, in relation to the NDBS, Eligible Data is considered anything that can be used to cause an individual Serious financial, emotional, physical and reputational harm. Pieces of information such as healthcare records, financial information, and identifying documents such as passports and driver's licenses can be used to cause this damage.
Ensuring that your business stores, manages access to and encrypts any client, customer or staff information is paramount moving forward. Empowering your staff to be your Human Firewall is also a major step in the right direction. The responsibility for keeping data security front of mind for all employees has moved away from the IT Department. It is now something that must be tackled everywhere in the business, from the Boardroom to the reception desk.