The scheme will commence on 22 February and will require agencies, organisations and certain other entities to provide notice to the Office of the Australian Information Commissioner (OAIC) and affected individuals of a data breach.
The scheme will cover bookkeepers and tax professionals who deal with tax file numbers, as well as entities that have an annual turnover of more than $3 million.
Speaking to The Bookkeeper, Institute of Certified Bookkeepers executive director Matthew Addison praised the initiative but believes bookkeepers already have the appropriate security measures in place.
“Bookkeepers do need to have appropriate cyber security measures in place to protect their own systems, the systems of businesses and also in particular the way they access systems of “cloud” based services. These measures are required anyway but certainly must be enhanced to protect personal information,” said Mr Addison.
“The TFN of employees in payroll are a risk item and any breach needs to be notified to the OAIC and also the tax office.
“The scheme is a good one, logical, has been implemented well and has a great website to back up a business’s understanding and implementation.”
The industry has been on alert in recent months in the build up to the NDB scheme, with professionals being told to step up their game to prevent incurring heavy fines from the OAIC.
Australian Bookkeepers Network director, Peter Thorp, earlier urged bookkeepers to review their data security controls and make improvements where required.
“Information and data security should be front of mind for all bookkeeping and accounting practices given the sensitive nature of the client information held, and also how ransomware and other IT nasties can cripple any business,” said Mr Thorp.
The Australian Small Business and Family Enterprise Ombudsman has also been vocal on the topic, urging businesses to consider the financial impact of not taking proactive measures to protect their data.
“With penalties of up to $360,000 for individuals and $1.8 million for organisations, the impact of a breach on a small business is devastating,” said Ombudsman Kate Carnell.
“Protect your business’s data like you would your office: lock up at night, don’t give the keys to anyone you don’t trust, and report any suspicious activity that takes place on your premises.”