With the Notifiable Data Breach (NDB) scheme under the Privacy Act 1998 in full force, the threat of financial and reputational impacts to organisations often overshadows the human element of data breaches; in essence, we tend to forget what it means to be an individual impacted by a data breach. In this article, we seek to examine not only the financial hardships and lost opportunity in terms of time that individuals may suffer, but also the potential psychological impact they may endure from a breach. We also analyse the need for more informed decisions from organisations in notifying an individual impacted by a breach, as sometimes the act of notifying an individual can cause more harm than the breach itself.
Back to basics
When the Notifiable Data Breach (NDB) scheme was first introduced in February 2018, there was a huge level of anticipation and trepidation for Australian organisations. While not the first of its kind conceptually (with similar data breach regulations in force worldwide), the NDB scheme was definitely a modernised concept and generally welcomed by privacy advocates in Australia. Organisations took action to bolster their own data security and breach response procedures in an effort to comply with the newly introduced NDB scheme.
This article was first published in the September 2019 issue of Governance Directions, the official journal of Governance Institute of Australia.