Home topics technology Datacentre Security Small Business Datacentre A last-minute guide to preparing your business for Australia’s new data breach regulations Ken Pang January 31, 2018 The deadline has been known for more than two years, yet many Australian organisations are still woefully unprepared for new data breach regulations that come into effect next month. From Thursday, 22 February, the Notifiable Data Breaches Scheme (NDB) will require all organisations that are covered by the Australian Privacy Act to notify individuals whose personal information has been involved in an eligible data breach that is likely to result in “serious harm”. Most people responsible for preparing for the new laws believe it is the responsibility of the IT department to prepare for and prevent cyberattacks, however the legislation is actually more concerned with privacy than security. With just a matter of weeks left, it may already be too late for most organisations to do much about their IT security, but they can still take steps to lower their risk of being fined or found non-compliant thanks to a privacy lapse. The key steps your organisation should be taking before 22 February include: 1. Understand what constitutes an eligible data breach A data breach is more than a hacking attack or some other obviously malicious behaviour. Losing a laptop or USB stick with personal data stored on it can be regarded as a breach. Giving personally identifiable information (PII) to a third party that is out of alignment with your privacy policy can