The OAIC told Accountants Daily it received 31 notifications of eligible breaches in the first three weeks of the Notifiable Data Breach scheme, which came into effect on 22 February.
Specific details relating to the type of breaches and the industries they came from are not publicly available yet. Accountants Daily understands more comprehensive details will be released around the end of the month.
The new laws apply to agencies and organisations that the Privacy Act requires to take steps to secure certain categories of personal information. This includes businesses and not-for-profit organisations with an annual turnover of $3 million or more, as well as TFN recipients.
Firms are required to notify the OAIC and affected individuals where there has been an eligible data breach.
According to the OAIC, “a data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure”.
The scope for reportable breaches is wider than most realise. Unauthorised access that requires reporting is not necessarily a devastating cyber attack; it could be access by an employee, an independent contractor, or an external third party.